Date: Sun, 07 Dec 2003 13:10:35 -0700 (MST) From: "M. Warner Losh" <imp@bsdimp.com> To: chris@unixpages.org Cc: current@freebsd.org Subject: Re: kernel file flags Message-ID: <20031207.131035.17094015.imp@bsdimp.com> In-Reply-To: <20031207193213.GD3081@unixpages.org> References: <20031207193213.GD3081@unixpages.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <20031207193213.GD3081@unixpages.org>
Christian Brueffer <chris@unixpages.org> writes:
: it seems that since a few weeks the schg flag is not getting set for the
: kernel and modules anymore, so they can be replaced with securelevel 1
: set.
:
: I'd consider that a bug. Was this intended?
Yes. It was done with with malice of forethought. If you want a
secure system, you need to make sure it is secure. schg is an
anti-foot shooting measure only so long as /etc/rc.d* don't have schg
on them...
Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031207.131035.17094015.imp>