From owner-freebsd-current  Thu Sep 10 02:26:25 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA29757
          for freebsd-current-outgoing; Thu, 10 Sep 1998 02:26:25 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.15.68.22])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA29746
          for <current@FreeBSD.ORG>; Thu, 10 Sep 1998 02:26:21 -0700 (PDT)
          (envelope-from bde@godzilla.zeta.org.au)
Received: (from bde@localhost)
	by godzilla.zeta.org.au (8.8.7/8.8.7) id TAA09021;
	Thu, 10 Sep 1998 19:25:42 +1000
Date: Thu, 10 Sep 1998 19:25:42 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199809100925.TAA09021@godzilla.zeta.org.au>
To: mark@grondar.za, tlambert@primenet.com
Subject: Re: unremovable schg flag?
Cc: current@FreeBSD.ORG, max@wide.ad.jp
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>> > I noticed that this file has schg flag set, and I could not do
>> > chflags noschg even as root.
>
>[ ... ]
>
>> Have you set your securelevel to something other than -1? If so, this is
>> what schg is all about.
>
>Aparently not:
>
>> > After struggling for some time, I went into the single user mode
>> > and clri'd that file.

This shows that securelevel 1 isn't actually secure.  (Starting from
the uninitialized shell variable kern_securelevel, /etc/rc sets the
kernel securelevel to 0.  init(8) knows too much about securelevels
and bumps this to 1.  Level 1 is a little bit insecure.)

Bruce

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message