From owner-freebsd-current Wed Apr 5 03:35:25 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id DAA15083 for current-outgoing; Wed, 5 Apr 1995 03:35:25 -0700
Received: from localhost (localhost [127.0.0.1]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id DAA15077 for ; Wed, 5 Apr 1995 03:35:23 -0700
X-Authentication-Warning: freefall.cdrom.com: Host localhost didn't use HELO protocol
To: current@freefall.cdrom.com
Subject: "Cookbook" for security.
Date: Wed, 05 Apr 1995 03:35:23 -0700
Message-ID: <15076.797078123@freefall.cdrom.com>
From: "Jordan K. Hubbard"
Sender: current-owner@FreeBSD.org
Precedence: bulk

Poul and I were talking about the whole immutable flag issue, and since cpio, tar, pax and friends don't support the notion of extracting these extra flags ANYWAY, we might as well make a virtue of a vice and go "cookbook" style on it, where some central well-known file contains information that can be used to apply the flags in question after the system is installed.

For that matter, the file can also contain MD5 checksums so that you can verify that all the "important" files have not been changed from the release copies. Needless to say, the "cookbook" file should be highly immutable itself in these cases :-).

It seems to me that this would serve as a very valuable security aid and of use in creating the overall security tool from hell that I'd like to see on FreeBSD someday! :-)

Jordan
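
The "cookbook" idea described in the message above, as an added example that is not part of the original post and is not FreeBSD code. It assumes a hypothetical manifest format of one `path flags md5` entry per line, checks each file against its recorded MD5, and returns the `chflags` commands for the files that still match the release copies.

```python
import hashlib
import os
import shlex
import tempfile

def parse_cookbook(text):
    """Assumed format: '<path> <chflags-flags> <md5hex>' per line, '#' comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 3 or len(fields[2]) != 32:
            raise ValueError(f"cookbook line {lineno}: malformed entry")
        entries.append((fields[0], fields[1], fields[2].lower()))
    return entries

def md5_of(path):
    # MD5 is what the message names; SHA-256 would be the choice today.
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check(entries, root="/"):
    """Return (changed_paths, chflags_commands); flags only for verified files."""
    changed, commands = [], []
    for path, flags, want in entries:
        full = os.path.join(root, path.lstrip("/"))
        # A missing file counts as changed, the same as a checksum mismatch.
        if os.path.isfile(full) and md5_of(full) == want:
            commands.append(f"chflags {flags} {shlex.quote(full)}")
        else:
            changed.append(path)
    return changed, commands

def demo():
    """Constructed sample: two files under a temp root, one altered after release."""
    files = (("bin/login", b"release login", b"altered login"),
             ("sbin/init", b"release init", b"release init"))
    with tempfile.TemporaryDirectory() as root:
        cookbook = ""
        for name, released, on_disk in files:
            os.makedirs(os.path.join(root, os.path.dirname(name)), exist_ok=True)
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(on_disk)
            cookbook += f"/{name} schg {hashlib.md5(released).hexdigest()}\n"
        return check(parse_cookbook(cookbook), root)
```

The commands are returned rather than executed, so the list of changed files can be reviewed before any flag is set.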