From owner-freebsd-security  Wed May 22 17:15:54 2002
Delivered-To: freebsd-security@freebsd.org
Received: from spork.pantherdragon.org (spork.pantherdragon.org [206.29.168.146])
	by hub.freebsd.org (Postfix) with ESMTP id 456EE37B422
	for <freebsd-security@freebsd.org>; Wed, 22 May 2002 17:15:44 -0700 (PDT)
Received: from spark.techno.pagans (spark.techno.pagans [4.61.202.145])
	by spork.pantherdragon.org (Postfix) with ESMTP
	id 6BD4F471DA; Wed, 22 May 2002 17:15:42 -0700 (PDT)
Received: from pantherdragon.org (speck.techno.pagans [172.21.42.2])
	by spark.techno.pagans (Postfix) with ESMTP
	id 3991126C17; Wed, 22 May 2002 17:15:40 -0700 (PDT)
Message-ID: <3CEC34AC.4F2EEEB5@pantherdragon.org>
Date: Wed, 22 May 2002 17:15:40 -0700
From: Darren Pilgrim <dmp@pantherdragon.org>
X-Mailer: Mozilla 4.76 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Stephanie Wehner <_@r4k.net>
Cc: freebsd-security@freebsd.org
Subject: Re: file flags in /modules
References: <20020522194304.GA70619@r4k.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Stephanie Wehner wrote:
> Is there any particular reason why the immutable flag is turned on for
> /kernel, but not for any loadable modules ?

To make it harder to accidentally overwrite the kernel.  There's no
real security gain.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message