
Re: Immutable files



>>>>> "Topi" == Topi Miettinen <Topi.Miettinen@ml.tele.fi> writes:

    Topi> Matthew Wilcox writes:
    >>
    >> From a security point of view, it might be considered
    >> worthwhile to install system executables (particularly the suid
    >> ones) and then mark them immutable.

    Topi> Sounds like a simple extension to suidmanager
    Topi> package. According to WNPP, it needs a new maintainer (hint
    Topi> hint).

 I've already taken over maintainership from Christoph Lameter
 <clameter@waterf.org>.

 I suppose that the immutable bit could be set by adding a new
 optional argument and optional field in "/etc/suid.conf".  But what
 happens when you go to upgrade the package?

 If the prerm scripts ran `suidunregister', it might work.  But that's
 being done in the postrm scripts, after the old file is supposed to
 be removed. (is that right?)  The file cannot be deleted with the
 immutable bit set.

    Topi> Maybe using suidmanager should be enforced by the Policy?

 Yes, perhaps.  Has this been discussed before?

