Date: Thu, 26 Oct 2023 23:36:22 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@FreeBSD.org> To: void <void@f-m.fm> Cc: freebsd-security@freebsd.org Subject: Re: securelevel 1 Message-ID: <86ttqd12y1.fsf@ltc.des.no> In-Reply-To: <35f733cc-a6c2-46a4-b564-b1ef87893fc5@app.fastmail.com> (void@f-m.fm's message of "Tue, 24 Oct 2023 17:33:22 %2B0000") References: <ZTeaGFZjvcsKfbOW@int21h> <6638DADD-FCDB-492C-B1E8-441C6622038B@FreeBSD.org> <663fd243-94ec-40c1-ac66-ca8e3d5f278d@quip.cz> <35f733cc-a6c2-46a4-b564-b1ef87893fc5@app.fastmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
void <void@f-m.fm> writes: > In order to accomplish what I'd like, I understand that I'd need to set += schg > on the individual logs, then set the securelevel afterwards and reboot. If you set the log file +schg, it can't be written to at all. That's obviously not what you want. If you set it +sappnd, it can be written to, and newsyslog will be able to rotate it; an attacker with superuser privileges will also be able to replace it with a doctored file. There is no way to allow one without the other. The usual solution is to log to a remote machine. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ttqd12y1.fsf>