According to Andrew Brown:
>
>yeah, but then you'd also have to make /etc immutable (otherwise they could
>just move /etc elsewhere and make a new one by copying everything) and you
>would probably want to make / immutable while you were at it.  no?  that
>woudl work (wouldn't it?) but then if you wanted to do *ANYTHING* to rc
>(or rc.local or netstart or anything else rc runs or maybe even inetd (since
>there's a small window of opportunity when inetd has started but rc hasn't
>finished so the machine is still at securelevel 0) immutable) you'd have to
>go to the console and take the machine down to single user.  talk about an
>administrative nightmare.  it would be secure only because you could't
>possibly do anything to it.
>

Sometimes this is a desirable thing to do, I would not recommend it
for the run of the mill machine but if you are building a firewall
machine then what chflags can do for you is damned handy - make all
the binaries & configs immutable, stop sym links from being followed
in /tmp, make various log files append only and so on.  It would be a
fair whack of work to get it right but it sure beats using a switch to
write protect a hard disk (yes, with some scsi hard disks you _can_
write protect them).  This hardens up your machine giving you some
confidence that people cannot get in and install trojan horse programs
- what the computer security geeks would call a Trusted Computing Base
(TCB) or a Trusted Path.

The administration is a real problem but persons tweaking your
firewall on your behalf is usually considerd more of a problem ;-)

-- 
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
  "Upgrading your memory gives you MORE RAM!" - ad in MacWAREHOUSE catalogue.