[ On Wednesday, February 3, 1999 at 21:32:23 (-0500), Thor Lancelot Simon wrote: ]
> Subject: Re: /dev/log -> /var/run/log
>
> By the way, I *seriously* question the utility of using file flags to
> "secure" a system.  To get any serious guarantee, every program run
> from rc (or any script it runs) while securelevel is zero must be marked
> schg; also, rc, rc.conf, etc. must be marked schg.  A system set up that
> way is almost as irritating to run as a system with a read-only root fs.

Depending on exactly what purpose the system serves, a read-only root fs
might actually be less frustrating to use than one where each critical
file was individually marked as immutable!  ;-)

(eg. a firewall with no users shouldn't need /etc to be writable any
more than it needs /bin to be writable)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>