Subject: Re: solving various bug reports...
To: Luke Mewburn <lukem@connect.com.au>
From: Erik Bertelsen <erik@sockdev.uni-c.dk>
List: tech-security
Date: 06/26/1997 08:33:35

On Thu, 26 Jun 1997, Luke Mewburn wrote:

.. 
.. I've compiled a list of non-closed bug reports that I believe are
.. related to security. mrg and I have discussed these, and there are a few
.. that we'd like further input on before action is taken.



.. 8. changing stuff in /etc/mtree/special to be optional
.. ------------------------------------------------------
.. 
.. PR 3663 modifies /etc/mtree/special so that a lot of directories and
.. files that won't exist in every installation are "optional".
.. 
.. Looks like a good idea, and I can't see fault in it. I may be missing
.. something obvious though.


That's one of my PRs. The rationale is that several files (e.g.
/etc/exports) need not be present on any given machine. By marking it
optional, /etc/security won't complain with a stock /etc/mtree/special,
but if the file is present but has wrong attributes, it will complain.

Note that this only applies to /etc/mtree/special that is used on
an installed system. It does not preclude the installation process
from wanting to install any of these files.

If this PR is applied, even more files than the one mentioned in my patch
in the PR should be evaluated with respect to being optional. This can
be done as part of fixing the PR, or by submitting new patches later
when this principle has been accepted.

I also suggest that a comment be added to /etc/mtree/special to explain
the criteria for marking files optional.

regards
- Erik Bertelsen
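
The behaviour described in this message (an absent optional entry is silent, a present one is still checked in full), as an added example that is not part of the original post and is not the code of mtree or /etc/security. The spec syntax is simplified, and the entries, modes and directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed spec in a simplified mtree-like syntax (not the real /etc/mtree/special).
SPEC = """\
./etc/passwd      type=file mode=0644
./etc/exports     type=file mode=0644 optional
./etc/hosts.equiv type=file mode=0600 optional
"""

def parse_spec(text):
    """Yield (path, attrs, optional) for each non-comment spec line."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if not words:
            continue
        attrs = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        yield words[0], attrs, "optional" in words[1:]

def check(root, spec_text):
    """Return the complaints a check of `root` against the spec would raise."""
    complaints = []
    for path, attrs, optional in parse_spec(spec_text):
        try:
            st = os.lstat(os.path.join(root, path))
        except FileNotFoundError:
            if not optional:  # an absent optional entry is silent
                complaints.append(f"{path}: missing")
            continue
        # A present entry is verified whether or not it is optional.
        want = int(attrs["mode"], 8)
        have = stat.S_IMODE(st.st_mode)
        if have != want:
            complaints.append(f"{path}: mode {have:04o}, expected {want:04o}")
    return complaints

def demo():
    """Constructed tree: exports is absent, hosts.equiv is present but too open."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        for name, mode in (("passwd", 0o644), ("hosts.equiv", 0o666)):
            p = os.path.join(root, "etc", name)
            open(p, "w").close()
            os.chmod(p, mode)
        return check(root, SPEC)

if __name__ == "__main__":
    print("\n".join(demo()))
```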