From owner-freebsd-security  Thu Oct  5  7:10:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66])
	by hub.freebsd.org (Postfix) with ESMTP id 9E33B37B66D
	for <freebsd-security@FreeBSD.ORG>; Thu,  5 Oct 2000 07:10:14 -0700 (PDT)
Received: from localhost (fjoe@localhost)
	by iclub.nsu.ru (8.9.3/8.9.3) with ESMTP id VAA52489;
	Thu, 5 Oct 2000 21:09:31 +0700 (NSS)
	(envelope-from fjoe@iclub.nsu.ru)
Date: Thu, 5 Oct 2000 21:09:31 +0700 (NSS)
From: Max Khon <fjoe@iclub.nsu.ru>
To: achilov@granch.ru
Cc: Alex Prohorenko <white@alkar.net>, freebsd-security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
In-Reply-To: <39DC833C.7DDB0AC2@sentry.granch.ru>
Message-ID: <Pine.BSF.4.21.0010052108420.52290-100000@iclub.nsu.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hi, there!

On Thu, 5 Oct 2000, Rashid N. Achilov wrote:

> > I do not see any single problem here.
> > 
> > chflags noschg /usr/bin/chpass
> > chown u-s /usr/bin/chpass
> > 
> > Sounds pretty easy, isn't it?
> 
> When securelevel 3 (or 2 too, not remember now :-( ) you, even if root,
> cannot unset schg flag :-)

securelevel 1 is sufficient:
man 8 init

/fjoe



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message