Date: Fri, 04 Jun 2010 03:22:46 -0500
From: CyberLeo Kitsana <cyberleo@cyberleo.net>
To: Fbsd1 <fbsd1@a1poweruser.com>
Cc: "questions@freebsd.org" <questions@freebsd.org>
Subject: Re: /var/empty has schg flag turned on. Why?
Message-ID: <4C08B7D6.5020604@cyberleo.net>
In-Reply-To: <4C08B252.8010008@a1poweruser.com>
References: <4C08B252.8010008@a1poweruser.com>

On 06/04/2010 02:59 AM, Fbsd1 wrote:
> Why does the base RELEASE have schg flag turned for the /var/empty
> directory?
>
> Is that directory really used for anything?
>
> Is this a release build problem?

Certain daemons will chroot(2) to that directory to perform sensitive privilege-separation operations, or when they know they will not need to interact with the filesystem to perform their duties. The directory must remain empty to ensure the operation is secure. The best way to ensure no files are accidentally or intentionally created there is to set it schg, which forbids any changes to the directory (such as linking a file there).

--
Fuzzy love,
-CyberLeo
Furry Peace! - http://www.fur.com/peace/
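
The properties described in the reply above, turned into an audit check. This is an added example, not part of the original message or of any FreeBSD daemon; the function name `audit_empty_dir` and the `P_*` flag names are hypothetical, and the schg test is only compiled on FreeBSD, where `struct stat` carries `st_flags`.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

#define P_BADDIR   0x01  /* missing, not a real directory, or unreadable */
#define P_OWNER    0x02  /* not owned by the expected uid (root in production) */
#define P_WRITABLE 0x04  /* group- or world-writable */
#define P_NONEMPTY 0x08  /* holds entries other than "." and ".." */
#define P_NOSCHG   0x10  /* FreeBSD only: system immutable flag not set */

/* Returns 0 if the directory is fit to chroot(2) into, else a P_* bitmask. */
unsigned audit_empty_dir(const char *path, uid_t want_owner)
{
    struct stat st;
    unsigned problems = 0;

    /* lstat, so a symlink pointing somewhere else is rejected */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return P_BADDIR;
    if (st.st_uid != want_owner)
        problems |= P_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        problems |= P_WRITABLE;
#if defined(__FreeBSD__) && defined(SF_IMMUTABLE)
    if (!(st.st_flags & SF_IMMUTABLE))   /* schg, as shown by ls -lo */
        problems |= P_NOSCHG;
#endif
    DIR *d = opendir(path);
    if (d == NULL)
        return problems | P_BADDIR;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) {
            problems |= P_NONEMPTY;      /* one stray entry is enough */
            break;
        }
    }
    closedir(d);
    return problems;
}

int main(void)
{
    unsigned p = audit_empty_dir("/var/empty", 0);
    printf("/var/empty: %s (mask 0x%02x)\n", p ? "UNSAFE" : "ok", p);
    return p ? 1 : 0;
}
```
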