Date: Sun, 9 Jun 1996 19:44:16 -0400 (EDT)
From: Brian Tao <taob@io.org>
To: Garrett Wollman <wollman@lcs.mit.edu>
Cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: Effects of kern.securelevel >= 0
Message-ID: <Pine.NEB.3.92.960609193710.8414F-100000@zap.io.org>
In-Reply-To: <9606092044.AA08601@halloran-eldar.lcs.mit.edu>

On Sun, 9 Jun 1996, Garrett Wollman wrote:
>
> No. It is automatically increased by init if it starts out as >=0.

You mean "<= 0"? I haven't fiddled with the default startup value
here, and a 'sysctl kern.securelevel' in multiuser mode shows it is
still at level -1.

> That's why, when setting up a secure system, you have to make /etc/rc,
> and all the files it depends on, immutable, and all the important
> system directories append-only.

This is at kern.securelevel = 1:

# ls -ld /dev
drwxr-xr-x 3 root wheel - 15360 Jun 9 17:19 /dev
# chflags sappnd /dev
chflags: /dev: Operation not permitted
# ls -ldo /dev
drwxr-xr-x 3 root wheel sappnd 15360 Jun 9 17:19 /dev

A bogus ENOPERM somewhere?
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
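
Added example, not part of the original message: a small audit that reads `ls -ldo` output in the layout shown above and lists the paths whose flags column lacks a required flag (`schg` for the immutable files, `sappnd` for the append-only directories). The helper name `missing_flag` and the sample listings are constructed for illustration; on a FreeBSD host the input would come from something like `ls -ldo /etc/rc /etc/rc.conf | missing_flag schg`.

```shell
#!/bin/sh
# Added example: report paths whose BSD file-flags column lacks a required flag.
# Input on stdin is `ls -ldo` output in the layout shown in the message:
#   mode links owner group flags size month day time path
# missing_flag is a hypothetical helper name, not a FreeBSD tool.
missing_flag() {
    want=$1
    awk -v want="$want" '
        NF >= 10 {
            # Field 5 is the flags column: "-" when empty, else comma-separated.
            n = split($5, flags, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (flags[i] == want) found = 1
            if (!found) {
                # Rebuild the path from field 10 on, so names with spaces survive.
                path = $10
                for (i = 11; i <= NF; i++) path = path " " $i
                print path
            }
        }'
}

# Constructed sample listings (not captured from a real host).
sample_rc='-rw-r--r--  1 root  wheel  schg 4096 Jun  9 17:00 /etc/rc
-rw-r--r--  1 root  wheel  - 2048 Jun  9 17:00 /etc/rc.local
-rw-r--r--  1 root  wheel  schg,sunlnk 1024 Jun  9 17:00 /etc/rc.conf'

sample_dirs='drwxr-xr-x  3 root  wheel  sappnd 15360 Jun  9 17:19 /dev
drwxr-xr-x  2 root  wheel  - 512 Jun  9 17:19 /bin'

# Run both checks over the constructed samples and print the gaps.
audit_samples() {
    echo "not immutable (schg):"
    printf '%s\n' "$sample_rc" | missing_flag schg
    echo "not append-only (sappnd):"
    printf '%s\n' "$sample_dirs" | missing_flag sappnd
}

audit_samples
```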
