From owner-freebsd-current@FreeBSD.ORG Sun Dec 7 12:11:01 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 11BE516A4CE for ; Sun, 7 Dec 2003 12:11:01 -0800 (PST) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id E88C343FBD for ; Sun, 7 Dec 2003 12:10:59 -0800 (PST) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.10/8.12.9) with ESMTP id hB7KAx8l012796; Sun, 7 Dec 2003 13:10:59 -0700 (MST) (envelope-from imp@bsdimp.com) Date: Sun, 07 Dec 2003 13:10:35 -0700 (MST) Message-Id: <20031207.131035.17094015.imp@bsdimp.com> To: chris@unixpages.org From: "M. Warner Losh" In-Reply-To: <20031207193213.GD3081@unixpages.org> References: <20031207193213.GD3081@unixpages.org> X-Mailer: Mew version 2.1 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: current@freebsd.org Subject: Re: kernel file flags X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Dec 2003 20:11:01 -0000 In message: <20031207193213.GD3081@unixpages.org> Christian Brueffer writes: : it seems that since a few weeks the schg flag is not getting set for the : kernel and modules anymore, so they can be replaced with securelevel 1 : set. : : I'd consider that a bug. Was this intended? Yes. It was done with with malice of forethought. If you want a secure system, you need to make sure it is secure. schg is an anti-foot shooting measure only so long as /etc/rc.d* don't have schg on them... Warner