Date: Thu, 17 Jun 1999 10:07:41 -0600 From: Warner Losh <imp@harmony.village.org> To: "Richard Childers" <rchilders@hamquist.com> Cc: security@FreeBSD.ORG Subject: Re: some nice advice.... Message-ID: <199906171607.KAA06017@harmony.village.org> In-Reply-To: Your message of "Thu, 17 Jun 1999 05:47:43 PDT." <3768EE6F.EEE2706F@hamquist.com> References: <3768EE6F.EEE2706F@hamquist.com> <Pine.LNX.3.96.990616182221.28882A-100000@static-petef.netreach.net> <199906162224.QAA02435@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <3768EE6F.EEE2706F@hamquist.com> "Richard Childers" writes: : "My kernel is set schg ..." : Could you please expand on this ? chflags schg /kernel The system won't even let root change /kernel. When the secure level is elevated, even root can't remvoe the schg bit. Set it on all files required to boot, and go to elevated secure level quickly and things will be impossible to override... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906171607.KAA06017>