Date: Wed, 5 Apr 1995 22:00:21 +1000 From: Bruce Evans <bde@zeta.org.au> To: current@freefall.cdrom.com, jkh@freefall.cdrom.com Subject: Re: "Cookbook" for security. Message-ID: <199504051200.WAA18226@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>Poul and I were talking about the whole immutable flag issue, and >since cpio, tar, pax and friends don't support the notion of >extracting these extra flags ANYWAY, we might as well make a virtue of >a vice and go "cookbook" style on it, where some central well-known >file contains information that can be used to apply the flags in >question after the system is installed. For that matter, the file can >also contain MD5 checksums so that you can verify that all the >"important" files have not been changed from the release copies. >Needless to say, the "cookbook" file should be highly immutable itself >in these cases :-). /etc/mtree/* is supposed to be used for this. Guess what other friend doesn't support chflags(). :-). Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504051200.WAA18226>