Date: Mon, 15 Jun 1998 13:06:52 +0200 From: Eivind Eklund <eivind@yes.no> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: security@FreeBSD.ORG Subject: Re: bsd securelevel patch question Message-ID: <19980615130652.61198@follo.net> In-Reply-To: <199806151059.KAA13992@ns1.yes.no>; from Darren Reed on Mon, Jun 15, 1998 at 08:58:04PM %2B1000 References: <E0ylKaT-0001Nb-00@oak71.doc.ic.ac.uk> <199806151059.KAA13992@ns1.yes.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 15, 1998 at 08:58:04PM +1000, Darren Reed wrote: > > btw, using the immutable flag(s) without setting the securelevel > 0 is > fruitless as raw device access remains open... > > using both, is required, if you're going to use either. Of course. If you have securelevel <= 0, you can just use chflags to remove the immutable flag, so that is _truly_ pointless. It doesn't even slow down an attacker. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980615130652.61198>