>> You'd probably want more than just setuid files as immutable.  On my
>> system, the following are immutable :
>> [list of file]
>
>Remember to mark immutable the directories too, or the hacxker can
>still mv the file and install a new one.

bzzt!  nope.  mv-ing the file would require a change to the inode,
which ain't allowed.

of course...they could always move the entire directory...

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."