From owner-freebsd-questions@FreeBSD.ORG Sun Feb 12 11:35:10 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B578516A420 for ; Sun, 12 Feb 2006 11:35:10 +0000 (GMT) (envelope-from ray@TXnet.com) Received: from txnet.com (unisys.txnet.com [212.1.98.8]) by mx1.FreeBSD.org (Postfix) with SMTP id 61BBD43D46 for ; Sun, 12 Feb 2006 11:35:08 +0000 (GMT) (envelope-from ray@TXnet.com) Received: (qmail 98887 invoked from network); 12 Feb 2006 11:31:29 -0000 Received: from 212.1.98.10 by unisys.txnet.com (envelope-from , uid 82) with qmail-scanner-1.25 (spamassassin: 3.0.3. Clear:RC:1(212.1.98.10):. Processed in 0.076051 secs); 12 Feb 2006 11:31:29 -0000 X-Qmail-Scanner-Mail-From: ray@TXnet.com via unisys.txnet.com X-Qmail-Scanner: 1.25 (Clear:RC:1(212.1.98.10):. Processed in 0.076051 secs) Received: from unknown (HELO X.txnet.com) (212.1.98.10) by unisys.txnet.com with SMTP; 12 Feb 2006 11:31:28 -0000 Date: Sun, 12 Feb 2006 13:35:05 +0200 From: Alex Renn X-Mailer: The Bat! (v3.5) Professional X-Priority: 3 (Normal) Message-ID: <597571270.20060212133505@TXnet.com> To: Lowell Gilbert CC: freebsd-questions@freebsd.org In-Reply-To: <44y80jyreb.fsf@be-well.ilk.org> References: <358523811.20060209192506@TXnet.com> <44y80jyreb.fsf@be-well.ilk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re[2]: CD installation and file flags X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Feb 2006 11:35:10 -0000 Hello Lowell Gilbert! SUID/SGID files in my default installation do not have any flags set: $ uname -a FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386 $ ls -alo `which su` -r-sr-xr-x 1 root wheel - 11992 Nov 3 08:11 /usr/bin/su That's why I'm asking about this. I think there should be some flags set by default. ====[ End of message ]==== Best Regards, Alex Renn ray@TXnet.com ===[ Original Message ]=== From: Lowell Gilbert To: Alex Renn Subject: CD installation and file flags Date: 10.02.2006 20:56 > Alex Renn writes: >> I installed FreeBSD 6.0 from CD and noticed that file flags were not >> applied by default to /boot, /bin, /sbin. > Right. suid files get the flags, but nothing else. >> I set kernel_securelevel to 3 but it does not help a lot while there >> are no schg flags on system files. > File flags are enforced at a securelevel of 1. If they are all you > care about, then there's no reason to add the filesystem mounting, > clock, and firewall restrictions of levels 2 and 3. >> Is there any script to set proper flags for all files in the default >> installation? > There is not widespread agreement on the definition of "proper" in > that sentence. Once you have a precise idea of what you think it > should be, writing a script for your particular needs will be > trivial. > Be well. ===[ End of Original Message ]===