According to Strange: > >c) Make root automatically override user-set flags (possibly will >create other complications for user-land programs relying on root >passing over such files). > Ugh no - this would be a major lose as the idea of the flags was in part to make files immutable at certain security levels such that _even_root_ could not modify them. The idea being you could trojan proof your binaries by making them immutable (don't forget the directories themselves, kiddies). If you allow root to stomp an immutable file then you lose part of the value of chflags. Then again you could just rig the system to check your binaries against an md5 signature before running them which stops the trojans :-) -- =============================================================================== Brett Lymn, Computer Systems Administrator, British Aerospace Australia ===============================================================================
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:04 PDT