Date: Tue, 25 Feb 1997 14:08:20 +1100 From: Bruce Evans <bde@zeta.org.au> To: hackers@freebsd.org, j@uriah.heep.sax.de Subject: Re: disallow setuid root shells? Message-ID: <199702250308.OAA24549@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>> Except the case where the hacker truly knows what they're doing, in which >> case, the security audit will be worthless. root can modify any files he >> wants, including the database used to compare suid files against. =( > >chflags schg <your audit file> >sysctl -q kern.securelevel=1 sysctl: illegal option -- q usage: ... $ sysctl -w kern.securelevel=1 kern.securelevel: -1 -> 2 Securelevel 1 is completely useless under FreeBSD since non-mounted disks can be written to. Use level 2. Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702250308.OAA24549>