Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Nov 2021 23:29:24 +0100
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        grarpamp <grarpamp@gmail.com>, current@freebsd.org
Subject:   Re: Extracting base.txz files missing flags
Message-ID:  <72ea461d-6b16-a661-ac73-66aeb098208d@quip.cz>
In-Reply-To: <CAD2Ti2-gL-%2Bjn949pGD9fkv_NS_ZCUqdx0S0giv=diJK0NT_1g@mail.gmail.com>
References:  <87fss1rxfl.wl-herbert@gojira.at> <CAD2Ti2-gL-%2Bjn949pGD9fkv_NS_ZCUqdx0S0giv=diJK0NT_1g@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 12/11/2021 22:33, grarpamp wrote:
> Flags are not security since root will bypass everything.

Maybe you missed something - you cannot change flags when your system 
has security level (kern.securelevel) raised above 0. And this level 
cannot be lowered on running system, only at boot time. Also kernel 
modules cannot be loaded. See "man security" for more.

> While some may beg for anti-footshooting, but
> where might that cry end up... chflags -Rhx schg / .
> Nor should freebsd fill that role when local admins
> know best for and given their own individual environments.
> If local tendency is to run around as root and
> disrupt your filesystems so bad that even these...
>> ./libexec/ld-elf.so.1
>> ./libexec/ld-elf32.so.1
> ... get routinely wrecked, then you have bigger local
> problems to work on than freebsd can help you with :)

Kind regards
Miroslav Lachman



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?72ea461d-6b16-a661-ac73-66aeb098208d>