> From: Charles M. Hannum
>
>
>>y0001006@ws.rz.tu-bs.de (Thomas Boroske) writes:
>> ...
>> BTW: Is chflags schg MEANT to be irreversible in normal (root) mode ?
>
>Yes, that's the whole point.  To prevent ordinary users from changing
>the file, you would use the traditional Un*x-style permissions.

actually, i thought it was more a preventative measure against important
files not getting corrupted by hackers and the like.  for example, you
would make all your log files append only, make you kernel immutable,
etc.  if a file's unchangable (or immutable) unless you remove the flag
and you can only do that in securelevel 0 (or lower :), then it's less
likely that anyone could do anything nasty to that file.

of course, if they get root (which is how they discover that they can't
change it anyway) they can still make changes to rc (which runs when
securelevel is 0) to effect the changes they want and then cause the
machine to reboot.  so (imho), ultimately, it's just another layer of
security, obscurity, and futility.  :)  don't get me wrong, i really
like it, but there're still ways around it.

objoke: three fundamental rules of computer security:
1) don't buy a computer.
2) if you must buy a computer, don't turn it on.
3) if you must buy a computer and you must turn it on, sell it as
   quickly as you can.

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."