From owner-freebsd-security Thu Jun 24 23: 2:47 1999
Delivered-To: freebsd-security@freebsd.org
Received: from users.anet-stl.com (users.anet-stl.com [209.145.150.20])
    by hub.freebsd.org (Postfix) with ESMTP id B54C114C07
    for ; Thu, 24 Jun 1999 23:02:44 -0700 (PDT)
    (envelope-from doogie@anet-stl.com)
Received: from earth.anet-stl.com (doogie@earth.anet-stl.com [209.83.128.12])
    by users.anet-stl.com (8.9.3/8.8.5) with SMTP id GAA26330;
    Fri, 25 Jun 1999 06:02:39 GMT
Date: Fri, 25 Jun 1999 01:02:38 -0500 (CDT)
From: Jason Young
To: Frank Tobin
Cc: FreeBSD-security Mailing List
Subject: Re: file flags during low securelevels
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 25 Jun 1999, Frank Tobin wrote:

> Jason Young, at 00:48 on Fri, 25 Jun 1999, wrote:
>
> > The immutable and other flags protect against accidental as well as
> > malicious damage. If they don't do their job in low securelevels, then
> > they don't do their job in out-of-the-box FreeBSD installations and any
> > other installation where the admin has not or does not know to raise the
> > securelevel.
>
> Okay, so how about a sysctl knob for it?

In what situations are you running into problems with schg/sappnd?
There's only a few things that are schg/sappnd out of the box, and those
targets are handled by make world and the kernel install target
automatically assuming you're in an appropriate securelevel.

An admin who has the knowledge, need and will to remove schg/sappnd flag
protections should just do it - "chflags -R noschg nosappnd /."

I'm not -opposed- to a knob, I just don't see a use for it.

Jason Young
ANET/accessUS Chief Network Engineer

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
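
An added example, not part of the original message or of FreeBSD itself: a small audit that lists which files in an `ls -lo` listing carry schg or sappnd, and whether root could clear those flags at a given securelevel. The listing is constructed sample data, and the function names are hypothetical. It assumes the flags are in column 5 and that system flags can be cleared only at securelevel 0 or below.

```shell
#!/bin/sh
# Constructed sample in the layout of FreeBSD `ls -lo` (file flags in column 5).
# The paths and flag assignments are illustrative, not a real system inventory.
sample_listing() {
cat <<'EOF'
-r-xr-xr-x  1 root  wheel  schg        409600 Jun 24 1999 /sbin/init
-r-xr-xr-x  1 root  wheel  schg       2097152 Jun 24 1999 /kernel
-rw-r--r--  1 root  wheel  -              512 Jun 24 1999 /etc/motd
-rw-------  1 root  wheel  sappnd,nodump 8192 Jun 24 1999 /var/log/auth.log
-rw-r--r--  1 root  wheel  uchg           128 Jun 24 1999 /home/doc/notes
EOF
}

# Read a listing on stdin; print "flag<TAB>path" for every schg/sappnd entry.
# User flags (uchg, nodump, ...) are ignored. Paths with spaces are not handled.
system_flagged() {
    awk '{
        n = split($5, f, ",")
        for (i = 1; i <= n; i++)
            if (f[i] == "schg" || f[i] == "sappnd")
                print f[i] "\t" $NF
    }'
}

# Assumption stated in the lead-in: system flags can be turned off only
# while the securelevel is 0 or below; at 1 and above even root cannot.
clearable_at() {
    if [ "$1" -le 0 ]; then echo yes; else echo no; fi
}

# $1 = securelevel to evaluate (on a live host: sysctl -n kern.securelevel).
report() {
    system_flagged | while IFS="$(printf '\t')" read -r flag path; do
        printf '%s %s root-can-clear=%s\n' "$flag" "$path" "$(clearable_at "$1")"
    done
}

# Stand-alone run over the constructed listing at securelevel 1.
sample_listing | report 1
```

On a live system the same functions can read real output, for example `ls -lo /sbin | report "$(sysctl -n kern.securelevel)"`.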