Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 18 Dec 2000 13:29:09 -0800 (PST)
From:      opentrax@email.com
To:        dima@unixfreak.org
Cc:        nuno.teixeira@pt-quorum.com, freebsd-bugs@FreeBSD.ORG, stable@FreeBSD.ORG
Subject:   Re: chflags bug? 
Message-ID:  <200012182129.NAA14693@spammie.svbug.com>
In-Reply-To: <20001218000431.5860E3E09@bazooka.unixfreak.org>

next in thread | previous in thread | raw e-mail | index | archive | help
I'm sure this topic has been discussed to death in core, arch 
and stable. But this 'kernel_securelevel' has got to be 
amoung the screwyist ideas to date.

Note: Flames to me will hit /dev/null

I'm just expressing my opinion.

				Jessem.




On 17 Dec, Dima Dorfman wrote:
>> The problem is: if I set on the 'schg' flag to a file, then I cannot
>> remove it with the 'noschg' option.
> 
> That's the idea!  If the system is in securelevel >= 1, the system
> immutable flag can't be unset.  The point is to protect vital system
> components from tampering, accidental and otherwise.  Since you can't
> lower the securelevel (unless you want to use ddb, but that's a story
> for another thread), you have two choices,
> 
>   1) boot into single user mode, unset the flag (or install the kernel), or
>   2) set kern_securelevel_enable to "NO" in rc.conf.
> 
> In a lower securelevel, you'll be able to unset the schg flag.
> 
> Hope this helps
> 
> 						Dima Dorfman
> 						dima@unixfreak.org
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
> 
> 




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012182129.NAA14693>