Subject: Re: chflags script?
To: None <>
From: Michael Richardson <>
List: tech-security
Date: 08/15/1999 18:32:01

>>>>> "Lex" == Lex Wennmacher <wennmach@geo.Uni-Koeln.DE> writes:
    Lex> The latter, unless you reset the sappnd flag on the /etc directory.
    Lex> Generally, you want to have the sappnd flag set on /etc, so that it
    Lex> becomes impossible to remove or rename /etc. (Directories with the
    Lex> sappnd flag set may not be removed nor renamed, nor may files in them
    Lex> be deleted, however new files may be created). passwd(1) generates
    Lex> temporary files in /etc, which can't be removed anymore.

    Lex> Here is what happens if you have the sappnd flag set on /etc:

  Okay, no problem. Not being able to change passwords without single user
mode is just fine on a firewall.

  I'd like to see something like your checked in, perhaps
several different variations, maybe in /usr/share/examples/chflags. I would
be very happy to help maintain it.

  Specifically, I'm looking at a CDrom boot that uses rsync to grab
config files from a predefined server. (maybe with a personality floppy,
maybe just assume that one has a burner) 
  I'm humming and hawing about rsync over SSH or not.

	pro: store the private key on the CDrom/floppy, stored offline,
		and it means that one might even do updates over
		a hostile network. 
             no new process required on server machine, no firewall
		issues, etc. if machine already accepted SSH logins.
	     only authorized public keys can look at config files

	con: SSH is too powerful, so the account has to be treated
		with care.
	     SSH is not properly licensed (but lsh, a clone is making headway)
             anonymous rsync access involves creating no special priveledges

  Ideally, I'd like to be able to do
"cd /usr/src; make install DESTDIR=/myfirewall/root" 
and have an appropriate $DESTDIR/etc/mtree/NetBSD.dist and friends created to
store the intended file permissions at the destination.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface