Locking down your resolver config (was Re: False Positive on Domain Name)

[Kris Deugau <kd...@vianet.ca>]

Reko Turja wrote:
> I'm myself bit leery for making stuff immutable that update scripts etc.
> usually assume having preset flags. Immutable in wrong place can make
> stuff fail in pretty interesting ways.

Well, my reason for *setting* the immutable bit was that by definition,
any automated widget changing /etc/resolv.conf was Doing The Wrong
Thing, and as best I could determine, could not be told "Don't change
that file, at all, ever" any other way.  >:(  Anything that breaks
because it can't change resolv.conf is already broken anyway, by my own
local policies.

I've also been known to "chmod 0" (or the Windows equivalent, more
commonly) executables which are perfectly legitimate and which have
absolutely no business actually executing on my system.

I've yet to actually see any breakage doing either of these.

-kgd