To: hackers@freebsd.org, Frank Durda IV
In-Reply-To: ; from Frank Durda IV at Sun, 18 Feb 96 21:22 WET
Organization: Olahm Ha-Yetzirah
Date: Mon, 19 Feb 1996 14:17:58 +0300 (MSK)
From: Андрей Чернов (aka Andrey A. Chernov, Black Mage)
Subject: Re: Is "immutable" supposed to be a good idea?

In message Frank Durda IV writes:

>It seems there is agreement after all:

>o The applications should either list the files that can't be restored
> or extracted, or SHOULD BE ABLE TO extract/restore over
> an immutable file in maintenance mode (Level 0) or some other set
> of criteria WITHOUT having to build a level -1 kernel first,

You don't need to build a separate kernel, just issue some sort of sysctl.

>I'll fix restore to nuke & replace immutable files automatically *if*
>someone would guarantee that some approved version of the changes would
>be allowed into the release tree. (No point if there is some religious
>reason for not doing this.)

You need to fix *all* backup/restore utils too: tar, cpio, pax, it is a false way.
A better way is to have one command that changes the kernel secure level
to *less* secure, i.e. to a level which ignores the meaning of immutable
bits completely. It may be some sysctl shortcut or something similar.
It can be automatically turned on for single user mode, so you won't
even notice it.

-- 
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
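
The first option in the quoted proposal, listing the files a restore could not replace, can be sketched as a pre-restore check. This is an added example, not code from the thread or from FreeBSD's restore; the function names are hypothetical. It assumes the BSD rule that the system immutable flag (schg) can only be cleared while the securelevel is 0 or lower, with the securelevel supplied by the caller (on FreeBSD, from `sysctl kern.securelevel`).

```python
import os
import stat

# BSD file flags that block replacing a file (values from Python's stat module).
USER_IMMUTABLE = stat.UF_IMMUTABLE    # "uchg": owner or root may clear it
SYSTEM_IMMUTABLE = stat.SF_IMMUTABLE  # "schg": root may clear it only at securelevel <= 0


def classify(flags, securelevel):
    """Return why a file with these st_flags cannot simply be overwritten, or None."""
    if flags & SYSTEM_IMMUTABLE:
        if securelevel > 0:
            return "schg set; cannot be cleared at securelevel %d" % securelevel
        return "schg set; clear with 'chflags noschg' before restoring"
    if flags & USER_IMMUTABLE:
        return "uchg set; clear with 'chflags nouchg' before restoring"
    return None


def unrestorable(paths, securelevel, lstat=os.lstat):
    """List (path, reason) for every existing target that restore could not replace."""
    report = []
    for path in paths:
        try:
            st = lstat(path)
        except FileNotFoundError:
            continue  # nothing to overwrite, so nothing can block the restore
        # st_flags exists only on BSD-derived systems; treat it as 0 elsewhere.
        reason = classify(getattr(st, "st_flags", 0), securelevel)
        if reason:
            report.append((path, reason))
    return report


if __name__ == "__main__":
    # Constructed sample: fake lstat results standing in for a restore target tree.
    class FakeStat:
        def __init__(self, flags):
            self.st_flags = flags
    sample = {"/kernel": FakeStat(SYSTEM_IMMUTABLE), "/etc/motd": FakeStat(0),
              "/home/u/notes": FakeStat(USER_IMMUTABLE)}
    for level in (0, 1):
        for path, reason in unrestorable(sample, level, lstat=sample.__getitem__):
            print(level, path, reason)
```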