Re: Moving rc.d scripts to base.tgz

To: Julio Merino <jmmv%julipedia.org@localhost>
Subject: Re: Moving rc.d scripts to base.tgz
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Thu, 14 Apr 2011 12:25:59 -0400

On Thu, Apr 14, 2011 at 01:40:39PM +0100, Julio Merino wrote:
> Hello,
> 
> Every time I run etcupdate and notice differences in the rc.d scripts,
> I can't stop wondering why these binaries are part of etc.tgz (other
> than them being in /etc/).

I have confronted this issue myself repeatedly while trying to build
secure systems whose configuration can be updated.  The presence of all
this interpreter input in /etc means one can't safely leave /etc
mounted read-write ("configuration data" can be written) while leaving
the rest of the system mounted read-only ("binaries" can't).

I know it will raise a storm of protest but I would actually like to
see all the shell input in /etc move to a different directory to make
it easier to build systems secured in this way without resorting to
much more complicated solutions such as veriexec.

Thor

Follow-Ups:
- Re: Moving rc.d scripts to base.tgz
  - From: der Mouse
- Re: Moving rc.d scripts to base.tgz
  - From: Julio Merino

References:
- Moving rc.d scripts to base.tgz
  - From: Julio Merino

Prev by Date: Re: Moving rc.d scripts to base.tgz
Next by Date: Re: Moving rc.d scripts to base.tgz
Previous by Thread: Re: Moving rc.d scripts to base.tgz
Next by Thread: Re: Moving rc.d scripts to base.tgz
Indexes:

Home | Main Index | Thread Index | Old Index