
Re: Immutable flag and packages



> 
> If the securelevel is greater than zero, the immutable and append_only 
> flags can't be altered.

Ah, some of the earlier comments now make a lot more sense.  That also
explains why "man -k securelevel" was remarkably uninformative.

Again, I'm forced to ask if forcing the system into a somewhat idle
mode before changing critical files is a Bad Thing.  As a rough 
approximation, perhaps a "secure" installation should default to 
immutable for the executables in /sbin, /usr/sbin and /bin, but not
/usr/bin.  A "paranoid" installation would set all package executables 
to immutable.

Bear Giles
bear@coyotesong.com

