Subject: Re: Making setuid files immutable
To: Christos Zoulas <>
From: Eduardo E. Horvath <>
List: tech-security
Date: 01/20/1999 09:19:31
On Tue, 19 Jan 1999, Christos Zoulas wrote:

> In article <990119181217.ZM5267@pluto.geo.Uni-Koeln.DE> wennmach@geo.Uni-Koeln.DE (Dr. Lex Wennmacher) writes:
> >o add a `-i' option (`i'mmutable): Set the flags specified by the flags
> >keyword.
> >
> >o add a `-m' option (`m'utable): Remove the flags specified by the flags
> >        keyword. This can only be done at securelevel=0.
> >
> >o customize /etc/mtree/NetBSD.dist and/or /etc/mtree/special
> This has not been done... Could be a good idea. On the other hand, you might
> want to have some files that are permanently append only or immutable, so
> you might have some syntax as +flagname to specify that this does not get
> affected by -i and -m.

Have you considered just using different mtree files, say
/etc/mtree/ instead of adding command line options?

Eduardo Horvath
	"I need to find a pithy new quote." -- me