Date: Wed, 14 Feb 1996 22:25:02 -0800 (PST)
From: Julian Elischer <julian@ref.tfs.com>
To: uhclem@nemesis.lonestar.org (Frank Durda IV)
Cc: hackers@FreeBSD.org
Subject: Re: Is "immutable" supposed to be a good idea?
Message-ID: <199602150625.WAA00334@ref.tfs.com>
In-Reply-To: <m0tmuiw-000CU4C@nemesis.lonestar.org> from "Frank Durda IV" at Feb 14, 96 09:51:00 pm

> [....]
> as root from doing stupid things and to prevent people running as root
> or in maintenance mode from doing smart things), I would rather see
> restore, tar, cpio, rm and any other system recovery tools all be able to
> replace files with these flags, if the utility is running suid==root.

I vaguely remember that some of these flags were not supposed
to come into effect until the system went into multi-user mode..
Isn't there supposed to be a way to go into 'secure' mode
from which there was no return? Or was I dreaming...
This was all talked about by Kirk during his 4.4 class I went to in 1992,
but I can't remember all the points any more..

>
> We should not make the system impossible to maintain or to recover.

Aye!
I don't think these flags should be noticed till root decides to go 'secure'.

>
> Strangely, one of the directories with these immutable files was moved into
> /tmp to get it out of the way. On the next reboot, the normal system start
> was able to get rid of all of the files. That seems curious. What has
> rc got that I haven't got?

Hmm, maybe that IS how it is done after all?

>
> Unless someone knows a really good reason, I plan to turn off immutable
> on all files on the customer systems I have to maintain. This was too big
> of a hassle to revisit and cost everybody involved.
>
> Oh, weird party trick: some time just before nuking a system to do
> a fresh install or something, rm /sbin/init, halt and reboot and watch.
> That is certainly not what other UNIX systems do...

Well, FreeBSD will try to look for /stand/init and /stand/install
if /etc/init ain't there.. (at least I've seen code to do that....)
That's how the install disk works, I think... (maybe I'm out of date)

julian