Date:      Wed, 17 Sep 1997 20:58:19 +0200 (CEST)
From:      Mikael Karpberg <karpen@ocean.campus.luth.se>
To:        froden@bigblue.no
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: schg flag...
Message-ID:  <199709171858.UAA07882@ocean.campus.luth.se>
In-Reply-To: <199709171655.SAA26869@login.bigblue.no> from Frode Nordahl at "Sep 17, 97 06:55:07 pm"

According to Frode Nordahl:
> On Wed, 17 Sep 1997 10:45:31 -0600, Sean Kelly wrote:
> 
> >The schg flag can't be changed when the system is running in securelevel
> >1 or 2.  See init(1) for more details.
> >
> >According to that man page, the securelevel is usually set in /etc/rc
> >during bootup.  A quick grep through /etc/* doesn't contain any
> >reference to securelevel, though.  You could probably add it yourself to
> >your own rc files, but it'd be nice if there were an /etc/rc.conf entry
> >for it.
> 
> Ok... Well then's a question, why is FreeBSD's standard mode to run in
> level -1?  Isn't that a bit suicidal?

No, it's practical. Running at a higher securelevel just makes things harder
for you. Compiling a new kernel, etc. Why bother making your computer a
fortress when you really don't have much important data on it? It's just
annoying to have to lower the drawbridge every time you wanna run out to
pick a fresh apple. :-)

Of course, when you set up a server which actually contains data you can't
afford to lose, or have someone unauthorised read, then you should
probably raise the secure level. But most machines running FreeBSD are
most likely just workstations, which can be wiped and reinstalled if
anything really bad happens. Therefore that's the default.

  /Mikael


