Date: Sat, 30 Apr 2005 21:28:29 -0500 From: Craig Boston <craig@feniz.gank.org> To: Jon Noack <noackjr@alumni.rice.edu> Cc: Ronald Klop <ronald-freebsd8@klop.yi.org> Subject: Re: [PATCH] securelevel and make installworld Message-ID: <20050501022828.GA94865@nowhere> In-Reply-To: <4266DBEC.5000503@alumni.rice.edu> References: <opspjrxucr8527sy@smtp.local> <4266C966.90701@alumni.rice.edu> <opspjwj0x98527sy@smtp.local> <4266DBEC.5000503@alumni.rice.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 20, 2005 at 05:47:08PM -0500, Jon Noack wrote: > The attached diff is against -CURRENT but applies cleanly to 5.4-RC3. > It adds a check to the installworld target in src/Makefile.inc1 to > ensure we are not in secure mode. What about cases where installing in secure mode is both valid and will not fail? For example, consider using installworld to create a jail environment. If the target directory is empty, no schg files need to be overwritten and the install will succeed even with securelevel 3. Some users may also have their system configured so that schg is not set on system files (INSTALLFLAGS_EDIT=:N-fschg, among other methods). Arguably this is not very secure, but perhaps they are using securelevel for something else. Perhaps protecting firewall rules or sensitive files? IMHO, it's not the system's place to second guess what it is told to do. Craig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050501022828.GA94865>