Subject: re: Making setuid files immutable
To: Dr. Lex Wennmacher <wennmach@geo.Uni-Koeln.DE>
From: matthew green <>
List: tech-security
Date: 01/20/1999 11:41:22
   o add a `flags' keyword; values may be schg, sappnd. Extending this list
           to all flags supported by chflags(1) may be considered.

i did this several months ago.
   o add a `-i' option (`i'mmutable): Set the flags specified by the flags
   o add a `-m' option (`m'utable): Remove the flags specified by the flags
           keyword. This can only be done at securelevel=0.

obviously, mtree(8) will not attempt to enforce that restriction..
   o customize /etc/mtree/NetBSD.dist and/or /etc/mtree/special
   The `-i' and `-m' options should be inverse operations so that we only need one
   mtree input file.

these are a good idea.  would you do this work?