From: Sheldon Hearn
To: James Wyatt
Cc: "Andy V. Oleynik", Richard Childers, security@FreeBSD.ORG
Subject: Re: some nice advice....
In-reply-to: Your message of "Thu, 17 Jun 1999 09:45:20 EST."
Date: Thu, 17 Jun 1999 17:08:37 +0200
Message-ID: <88023.929632117@axl.noc.iafrica.com>

On Thu, 17 Jun 1999 09:45:20 EST, James Wyatt wrote:

> The 'schg' (system immutable) flag can be set by root to prevent *anyone*
> from changing a file, including root. It takes effect when you run at a
> more secure 'syslevel' and enhances security while running.

For the record:

Schg is always "in effect". At non-zero securelevels (not syslevels),
nobody can remove the schg flag.

Effectively, the same thing as what you said, but the difference is
worth explaining. And the manpage to refer people to is init(8).

Ciao,
Sheldon.
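An added example, not part of the original message: a small sh audit that reads FreeBSD `ls -lo` output and reports, for a given securelevel, whether each schg flag is still removable by root (`chflags noschg`) or locked. The function names and the sample listing are constructed for illustration; the script treats securelevel 1 and above as locked, following init(8).

```shell
#!/bin/sh
# Added example (not from the thread). Input format assumed: FreeBSD `ls -lo`,
# where the fifth column holds the file flags ("-" when none are set).

# schg_status LEVEL FLAGS -> prints "none", "removable" or "locked".
schg_status() {
    level=$1
    flags=$2
    case ",$flags," in
        *,schg,*) ;;                 # flag present, go on to the level check
        *) echo none; return 0 ;;
    esac
    # init(8): from securelevel 1 upward the flag may not be turned off.
    if [ "$level" -gt 0 ]; then echo locked; else echo removable; fi
}

# audit_listing LEVEL, reading `ls -lo` lines on stdin.
# Assumes file names without spaces (true for the sample below).
audit_listing() {
    while read -r mode links owner group flags rest; do
        [ -n "$flags" ] || continue  # skips the "total N" line
        printf '%s %s\n' "$(schg_status "$1" "$flags")" "${rest##* }"
    done
}

# Constructed sample listing; sizes, dates and flags are made up.
sample_listing() {
    cat <<'EOF'
total 2
-r-xr-xr-x  1 root  wheel  schg        204800 Jun 17 08:09 /sbin/init
-rw-r--r--  1 root  wheel  -             1024 Jun 17 08:09 /etc/motd
-rw-r-----  1 root  wheel  sappnd,schg    512 Jun 17 08:09 /var/log/authlog
EOF
}

# On a FreeBSD host:
#   ls -lo /sbin/init | audit_listing "$(sysctl -n kern.securelevel)"
```

A "removable" result means the file is protected against modification but root can still clear the flag, which is the distinction the reply draws.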