From owner-freebsd-security Wed Sep 17 12:38:21 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id MAA04651 for security-outgoing; Wed, 17 Sep 1997 12:38:21 -0700 (PDT) Received: from shell.firehouse.net (brian@shell.firehouse.net [209.42.203.45]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA04646 for ; Wed, 17 Sep 1997 12:38:15 -0700 (PDT) Received: from localhost (brian@localhost) by shell.firehouse.net (8.8.5/8.8.5) with SMTP id PAA13007; Wed, 17 Sep 1997 15:37:20 -0400 (EDT) Date: Wed, 17 Sep 1997 15:37:17 -0400 (EDT) From: Brian Mitchell To: Frode Nordahl cc: "freebsd-security@freebsd.org" Subject: Re: schg flag... In-Reply-To: <199709171620.SAA25313@login.bigblue.no> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Wed, 17 Sep 1997, Frode Nordahl wrote: > Hello! > > schg is a good flag to have for security on certain files/binaries, but if the flag can be turned of as easilly as running > chflags noschg, the flag is pretty useless. set securelevel above the 'perm insecure' level, and this will not be the case. > > People that want to modify such files most likelly allready have access enough to the system to run chflags. > > I thought that the schg flag was only to be modified if the system was running in some other mode than standard > multiuser...?