From: Gary Howland
To: freebsd-security@FreeBSD.ORG
Subject: Re: Kernel Install Permissions
Date: Thu, 11 Sep 1997 01:33:46 +0200

> Jamil J. Weatherbee writes:
> >
> > This is just a personal opinion, and maybe it is uneducated, but is there
> > really some reason for the kernel to be installed chmod 555, wouldn't 544
> > or even maybe 444 do (I'm not too familiar with the bootloader, I would
> > guess that it doesn't execute /kernel in the same way a coff binary is
> > executed so permissions probably don't matter hunh?)
>
> Perhaps even 550 or 540 with group kmem or something.

Better still make it unmodifiable with chflags (assuming that you're
running at a suitable security level).

Gary
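
The difference between the permission modes discussed in the thread and the chflags approach, as an added example that is not part of the original message: a small check that classifies a kernel image from one line of FreeBSD `ls -lo` output and the value of kern.securelevel. The function name kernel_verdict and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a FreeBSD host the two inputs would come from:
#   ls -lo /kernel                 (mode, owner, group, file flags)
#   sysctl -n kern.securelevel     (current securelevel)
# and the flag itself is set with:  chflags schg /kernel

# kernel_verdict LS_LINE SECURELEVEL   (hypothetical helper)
# Prints one of: locked | flag-removable | mode-only | writable
kernel_verdict() {
    line=$1
    level=$2
    # ls -lo columns: mode links owner group flags size date... name
    read -r mode _links _owner _group flags _rest <<EOF
$line
EOF
    # Flags are comma separated ("schg,nodump"), or "-" when none are set.
    case ",$flags," in
        *,schg,*)
            # At securelevel 1 or higher schg cannot be cleared, even by root.
            if [ "$level" -ge 1 ]; then echo locked; else echo flag-removable; fi
            return 0 ;;
    esac
    # No immutable flag: only the permission bits stand in the way, and
    # they do not restrain root. Write bits sit at positions 3, 6 and 9.
    case $mode in
        ??-??-??-?*) echo mode-only ;;
        *)           echo writable ;;
    esac
}

# Constructed sample lines (not captured from a real system).
SAMPLE_555='-r-xr-xr-x  1 root  wheel  -           1432096 Sep 10 16:35 /kernel'
SAMPLE_SCHG='-r-xr-xr-x  1 root  wheel  schg,nodump 1432096 Sep 10 16:35 /kernel'
SAMPLE_RW='-rwxr-xr-x  1 root  wheel  -           1432096 Sep 10 16:35 /kernel'

kernel_verdict "$SAMPLE_555"  1    # mode-only
kernel_verdict "$SAMPLE_SCHG" -1   # flag-removable
kernel_verdict "$SAMPLE_SCHG" 1    # locked
kernel_verdict "$SAMPLE_RW"   1    # writable
```

Only the "locked" result matches what the reply describes: the flag is set and the securelevel is high enough that it cannot be cleared without lowering the level first.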