From owner-freebsd-security  Thu Dec 10 02:01:41 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA01405
          for freebsd-security-outgoing; Thu, 10 Dec 1998 02:01:41 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA01397
          for <FREEBSD-SECURITY@FreeBSD.ORG>; Thu, 10 Dec 1998 02:01:37 -0800 (PST)
          (envelope-from jkh@zippy.cdrom.com)
Received: from zippy.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1])
	by zippy.cdrom.com (8.9.1/8.9.1) with ESMTP id CAA30050;
	Thu, 10 Dec 1998 02:00:26 -0800 (PST)
To: Jay Tribick <netadmin@fastnet.co.uk>
cc: Mark Newton <newton@camtech.com.au>, FREEBSD-SECURITY@FreeBSD.ORG
Subject: Re: append-only devices for logging 
In-reply-to: Your message of "Thu, 10 Dec 1998 09:17:39 GMT."
             <Pine.BSF.4.05.9812100906050.9677-100000@bofh.fast.net.uk> 
Date: Thu, 10 Dec 1998 02:00:25 -0800
Message-ID: <30042.913284025@zippy.cdrom.com>
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> True but if they have root then they can quite easily alter /etc/rc.local

Anyone setting their securelevel to 2 and *meaning* it will have also
chflag'd many of the files in / (including this one) to be effectively
read-only. There's no point in locking all your doors and leaving a
window open, after all, and anyone clueful enough to run at such a
high secure level should also be clueful enough to know where all the
obvious doors and windows (like this one) are. :-)

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message