netfilter firewalling problems and solutions

Robert Connolly cendres at
Sun Feb 22 00:36:37 PST 2004

On February 21, 2004 02:45 pm, Dagmar d'Surreal wrote:
> On Fri, 2004-02-20 at 16:34, Archaic wrote:
> > On Fri, Feb 20, 2004 at 05:30:19PM -0500, Robert Connolly wrote:
> > > If everything is immutable then nothing will be modified. /var/log can
> > > be ignored because logs don't need to be deinstalled. I don't think I
> > > want anything installing to /etc automatically. The install log, and /etc
> > > files would need to be checked by hand after make install. Uniq can
> > > check install logs to make sure no two logs have the same entry.
> >
> > That could be considered a big hassle to reset immutability each time
> > you need to modify something. Granted, once it's set properly it
> > shouldn't need changing often. Also, chattr is only for ext2/3.
> Considering that filesystems can be mounted ro just as quickly as they
> can be remounted rw, there doesn't seem to be a lot of benefit to be
> gained from attempting to use the immutable flag to protect admin level
> things from admin level accounts.  The immutable flag is mainly only
> useful for restricting users from doing things (like changing their
> .bashrc and other rather draconian measures).

It's about keeping packages from overwriting each other's files on make install. 
We already know gcc and binutils, and coreutils and shadow install files with 
the same name. These can be patched but with new packages it's not easy to 
know this until it's too late.
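
The install-log check mentioned in the thread can be sketched as follows. This is an added example, not part of the original post; it assumes one log per package named `<package>.log` with one installed path per line, and the function names and sample logs are constructed for illustration.

```shell
# Added example: report files claimed by more than one package install log.
# Assumed layout (not from the original post): LOGDIR/<package>.log,
# one absolute installed path per line.

find_install_collisions() {
    # Usage: find_install_collisions LOGDIR
    # Prints "path<TAB>pkg1,pkg2,..." for every path listed by 2+ packages.
    logdir=$1
    for log in "$logdir"/*.log; do
        [ -f "$log" ] || continue
        pkg=$(basename "$log" .log)
        # De-duplicate inside one log so a repeated line in a single
        # package's log is not reported as a cross-package collision.
        LC_ALL=C sort -u "$log" | while IFS= read -r path; do
            if [ -n "$path" ]; then
                printf '%s\t%s\n' "$path" "$pkg"
            fi
        done
    done | LC_ALL=C sort | awk -F '\t' '
        # Input is sorted, so identical paths arrive on adjacent lines.
        $1 == prev { owners = owners "," $2; n++; next }
        { if (n > 1) print prev "\t" owners; prev = $1; owners = $2; n = 1 }
        END { if (n > 1) print prev "\t" owners }'
}

demo_collisions() {
    # Constructed sample logs, for illustration only.
    d=$(mktemp -d) || return 1
    printf '%s\n' /usr/bin/ld /usr/lib/libiberty.a > "$d/binutils.log"
    printf '%s\n' /usr/bin/gcc /usr/lib/libiberty.a > "$d/gcc.log"
    printf '%s\n' /usr/bin/ls /usr/bin/groups > "$d/coreutils.log"
    printf '%s\n' /usr/bin/passwd /usr/bin/groups > "$d/shadow.log"
    find_install_collisions "$d"
    rm -rf "$d"
}
```

Running the check against a staged install log before the real `make install` catches the overlap while the existing file can still be kept or patched.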

