From owner-freebsd-stable@FreeBSD.ORG Sun May 1 02:28:32 2005
Date: Sat, 30 Apr 2005 21:28:29 -0500
From: Craig Boston
To: Jon Noack
Cc: Ronald Klop, freebsd-stable@freebsd.org
Subject: Re: [PATCH] securelevel and make installworld
Message-ID: <20050501022828.GA94865@nowhere>
In-Reply-To: <4266DBEC.5000503@alumni.rice.edu>
References: <4266C966.90701@alumni.rice.edu> <4266DBEC.5000503@alumni.rice.edu>
List-Id: Production branch of FreeBSD source code

On Wed, Apr 20, 2005 at 05:47:08PM -0500, Jon Noack wrote:
> The attached diff is against -CURRENT but applies cleanly to 5.4-RC3.
> It adds a check to the installworld target in src/Makefile.inc1 to
> ensure we are not in secure mode.

What about cases where installing in secure mode is both valid and will not fail? For example, consider using installworld to create a jail environment. If the target directory is empty, no schg files need to be overwritten and the install will succeed even with securelevel 3.

Some users may also have their system configured so that schg is not set on system files (INSTALLFLAGS_EDIT=:N-fschg, among other methods). Arguably this is not very secure, but perhaps they are using securelevel for something else. Perhaps protecting firewall rules or sensitive files? IMHO, it's not the system's place to second-guess what it is told to do.

Craig
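The finer-grained check Craig's objection implies, as an added example that is not the patch from the thread nor anything in src/Makefile.inc1: refuse only when the kernel is in secure mode AND the target tree already holds schg-flagged files, so an empty jail DESTDIR at securelevel 3 still passes. The probe helpers use FreeBSD's sysctl(8) and find(1) -flags; the decision function is kept pure so it can be exercised with constructed input on any system.

```shell
#!/bin/sh
# Added example: a pre-installworld check that only refuses when immutable files
# would actually have to be replaced. Function names are assumptions for this example.

# Probe the running kernel's securelevel (FreeBSD sysctl); -1 (insecure) if absent.
probe_securelevel() {
    sysctl -n kern.securelevel 2>/dev/null || printf '%s\n' -1
}

# List schg-flagged regular files under a directory (FreeBSD find -flags syntax).
probe_schg_files() {
    find "$1" -flags +schg -type f -print 2>/dev/null
}

# Pure decision:
#   $1 = securelevel (integer)
#   $2 = newline-separated list of schg files under DESTDIR (may be empty)
# Returns 0 when installworld may proceed, 1 when it would hit immutable files.
installworld_allowed() {
    level=$1
    schg_list=$2
    # securelevel <= 0: chflags restrictions are not enforced, install is fine
    [ "$level" -le 0 ] && return 0
    # secure mode, but nothing immutable in the way (e.g. a fresh jail tree)
    [ -z "$schg_list" ] && return 0
    # secure mode and immutable files present: install would fail part-way
    printf 'refusing: securelevel %s and %s schg file(s) under target, e.g. %s\n' \
        "$level" "$(printf '%s\n' "$schg_list" | grep -c .)" \
        "$(printf '%s\n' "$schg_list" | head -n 1)" >&2
    return 1
}

# Wire probes to the decision for real use: installworld_check /path/to/DESTDIR
installworld_check() {
    installworld_allowed "$(probe_securelevel)" "$(probe_schg_files "$1")"
}

# Constructed demo input: an empty jail tree at securelevel 3 is allowed,
# a populated root with schg binaries at securelevel 3 is refused.
installworld_allowed 3 "" && echo "empty DESTDIR at securelevel 3: ok"
installworld_allowed 3 "/usr/bin/login" || echo "populated DESTDIR at securelevel 3: refused"
```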