From: opentrax@email.com
Date: Mon, 18 Dec 2000 13:29:09 -0800 (PST)
Subject: Re: chflags bug?
To: dima@unixfreak.org
Cc: nuno.teixeira@pt-quorum.com, freebsd-bugs@FreeBSD.ORG, stable@FreeBSD.ORG
Message-Id: <200012182129.NAA14693@spammie.svbug.com>
In-Reply-To: <20001218000431.5860E3E09@bazooka.unixfreak.org>

I'm sure this topic has been discussed to death in core, arch and stable.
But this 'kernel_securelevel' has got to be among the screwiest ideas
to date.

Note: Flames to me will hit /dev/null
I'm just expressing my opinion.

Jessem.

On 17 Dec, Dima Dorfman wrote:
>> The problem is: if I set on the 'schg' flag to a file, then I cannot
>> remove it with the 'noschg' option.
>
> That's the idea! If the system is in securelevel >= 1, the system
> immutable flag can't be unset. The point is to protect vital system
> components from tampering, accidental and otherwise. Since you can't
> lower the securelevel (unless you want to use ddb, but that's a story
> for another thread), you have two choices,
>
> 1) boot into single user mode, unset the flag (or install the kernel), or
> 2) set kern_securelevel_enable to "NO" in rc.conf.
>
> In a lower securelevel, you'll be able to unset the schg flag.
>
> Hope this helps
>
> Dima Dorfman
> dima@unixfreak.org
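
The rule described in the quoted reply (at securelevel >= 1 the system immutable flag cannot be cleared) can be turned into a quick audit. The following is an added example, not part of the original thread: it reads `ls -lo` output and lists the files whose system flags are locked at a given securelevel. It goes slightly beyond the thread by also covering `sappnd`, which securelevel 1 protects in the same way. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which files in an `ls -lo`
# listing carry system flags that cannot be cleared at a given securelevel.

# locked_files LEVEL < listing
# Reads FreeBSD `ls -lo` output on stdin and prints "flag<TAB>path" for every
# file flagged schg or sappnd when LEVEL >= 1. Prints nothing when LEVEL < 1,
# because the flags can still be removed with chflags at that level.
locked_files() {
    awk -v level="$1" '
        level < 1 { next }                  # flags are still clearable
        NF >= 10 {
            n = split($5, flags, ",")       # 5th column holds the file flags
            for (i = 1; i <= n; i++)
                if (flags[i] == "schg" || flags[i] == "sappnd") {
                    path = $10              # rejoin paths containing spaces
                    for (j = 11; j <= NF; j++) path = path " " $j
                    printf "%s\t%s\n", flags[i], path
                }
        }'
}

# Constructed sample of `ls -lo` output (not captured from a real system).
sample_listing() {
cat <<'EOF'
-r-xr-xr-x  1 root  wheel  schg         412916 Dec 18 13:00 /sbin/init
-rw-r--r--  1 root  wheel  -              1204 Dec 18 13:00 /etc/rc.conf
-r-xr-xr-x  1 root  wheel  schg,nodump 3218344 Dec 18 13:00 /kernel
-rw-------  1 root  wheel  sappnd        88211 Dec 18 13:00 /var/log/auth.log
EOF
}

# On a live FreeBSD system:
#   ls -lo /kernel /sbin/init | locked_files "$(sysctl -n kern.securelevel)"
```

An empty result at securelevel -1 or 0 means `chflags noschg` will still work; any line printed at level 1 or higher names a file that needs one of the two options from the reply before it can be changed.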