From owner-freebsd-current Wed Apr 5 08:29:04 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id IAA22747 for current-outgoing; Wed, 5 Apr 1995 08:29:04 -0700 Received: from ref.tfs.com (ref.tfs.com [140.145.254.251]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id IAA22741 ; Wed, 5 Apr 1995 08:29:03 -0700 Received: (from phk@localhost) by ref.tfs.com (8.6.8/8.6.6) id IAA08521; Wed, 5 Apr 1995 08:29:03 -0700 From: Poul-Henning Kamp Message-Id: <199504051529.IAA08521@ref.tfs.com> Subject: Re: "Cookbook" for security. To: jkh@freefall.cdrom.com (Jordan K. Hubbard) Date: Wed, 5 Apr 1995 08:29:02 -0700 (PDT) Cc: current@freefall.cdrom.com In-Reply-To: <15076.797078123@freefall.cdrom.com> from "Jordan K. Hubbard" at Apr 5, 95 03:35:23 am Content-Type: text Content-Length: 883 Sender: current-owner@FreeBSD.org Precedence: bulk > Poul and I were talking about the whole immutable flag issue, and > since cpio, tar, pax and friends don't support the notion of > extracting these extra flags ANYWAY, we might as well make a virtue of > a vice and go "cookbook" style on it, where some central well-known > file contains information that can be used to apply the flags in > question after the system is installed. For that matter, the file can > also contain MD5 checksums so that you can verify that all the > "important" files have not been changed from the release copies. > Needless to say, the "cookbook" file should be highly immutable itself > in these cases :-). living on a CD-ROM or write-protected floppy it will be... -- Poul-Henning Kamp -- TRW Financial Systems, Inc. 'All relevant people are pertinent' && 'All rude people are impertinent' => 'no rude people are relevant'