> >Using securelevel and the immutable attribute of ext2 would solve
> >your problem without your suggestion's problems.
>
> Better yet, isn't this the sort of thing POSIX.6 permissions were
> designed for? Just give each program the permissions it needs...
> (There's a mailing list for such discussion, but I can't remember
> the address. Sorry.)
Securelevel & the immutable attribute present a small and quick solution
also available in other Unices like BSD 4.4 and that still is compatible
with the current UNIX style security system in Linux.
POSIX.6 is a far bigger project that changes the fundamental principles
(uid/gid, SETUID/SETGID) on which UNIX security is based. Anyway, the
daring mind can test the POSIX.6 patches in
ftp://ftp.lmh.ox.ac.uk/pub/linux/kernel/patch/posix6-v1.diff.gz
Ralf