From owner-freebsd-bugs  Wed Sep 26  0:30: 9 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 3BB1A37B41B
	for <freebsd-bugs@hub.freebsd.org>; Wed, 26 Sep 2001 00:30:02 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f8Q7U2m41185;
	Wed, 26 Sep 2001 00:30:02 -0700 (PDT)
	(envelope-from gnats)
Received: from snark.rinet.ru (snark.rinet.ru [195.54.192.73])
	by hub.freebsd.org (Postfix) with ESMTP id 56CFB37B414
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 26 Sep 2001 00:20:09 -0700 (PDT)
Received: (from yar@localhost)
	by snark.rinet.ru (8.11.6/8.11.6) id f8Q7K4l95116;
	Wed, 26 Sep 2001 11:20:04 +0400 (MSD)
	(envelope-from yar)
Message-Id: <200109260720.f8Q7K4l95116@snark.rinet.ru>
Date: Wed, 26 Sep 2001 11:20:04 +0400 (MSD)
From: Yar Tikhiy <yar@snark.rinet.ru>
Reply-To: Yar Tikhiy <yar@snark.rinet.ru>
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/30837: Sysinstall doesn't set the schg flag on the sensitive files
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         30837
>Category:       bin
>Synopsis:       Sysinstall doesn't set the schg flag on the sensitive files
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 26 00:30:02 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Yar Tikhiy
>Release:        FreeBSD 4.4-RELEASE i386
>Organization:
NASH monthly magazine
>Environment:
System: FreeBSD xxxx.xxxx.ru 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Tue Sep 18 11:57 :08 PDT 2001     murray@builder.FreeBSD.org:/usr/src/sys/compile/GENERIC  i386

>Description:
	After install or upgrade procedure, sysinstall leaves /kernel,
	/sbin/init, /usr/bin/libc.so.*, and the whole bunch of other
	sensitive files with the system-immutable flag unset.
	It is rather unexpected to those admins who usually install
	or upgrade the system from source.

>How-To-Repeat:
	Do a fresh install or an upgrade.  See /kernel, /sbin/init etc
	have no schg flag.

>Fix:
	There are at least three possible ways to deal with the problem:

	First, sysinstall(8) may be taught to set the schg flag on the files.
	However, that would require maintaining the list of sensitive
	files within the sysinstall configuration while the information
	is already contained in the corresponding Makefiles.

	Second, tar(1) may be modified to save and restore file flags.
	This solution is likely to cause compatibility problems, though.

	Third, the current sysinstall vs. make world behaviour may be
	documented - as I can see, it isn't yet.
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message