From owner-freebsd-security Wed May 22 13:10: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 118FB37B40A for ; Wed, 22 May 2002 13:09:58 -0700 (PDT) Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by energyhq.homeip.net (Postfix) with ESMTP id 9292C3FCA9; Wed, 22 May 2002 22:09:58 +0200 (CEST) Received: (from flynn@localhost) by energyhq.homeip.net (8.12.3/8.12.3/Submit) id g4MK9vKh039547; Wed, 22 May 2002 22:09:57 +0200 (CEST) Date: Wed, 22 May 2002 22:09:57 +0200 From: Miguel Mendez To: Stephanie Wehner <_@r4k.net> Cc: freebsd-security@freebsd.org Subject: Re: file flags in /modules Message-ID: <20020522220957.B38022@energyhq.homeip.net> Mail-Followup-To: Stephanie Wehner <_@r4k.net>, freebsd-security@freebsd.org References: <20020522194304.GA70619@r4k.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="QRj9sO5tAVLaXnSD" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020522194304.GA70619@r4k.net>; from _@r4k.net on Wed, May 22, 2002 at 09:43:04PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --QRj9sO5tAVLaXnSD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 22, 2002 at 09:43:04PM +0200, Stephanie Wehner wrote: Hi, > Is there any particular reason why the immutable flag is turned on for=20 > /kernel, but not for any loadable modules ?=20 FWIW, this is what it looks like for 5.0-DP1 flynn@kajsa# pwd /boot/kernel flynn@kajsa# ls -lo kernel linux.ko=20 -r-xr-xr-x 1 root wheel - 3046892 May 15 19:48 kernel -r-xr-xr-x 1 root wheel - 98535 May 15 19:48 linux.ko But I agree that it might be better if the install process chflagged kernel and modules by default. It's a trivial patch, anyway. Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! --QRj9sO5tAVLaXnSD Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE86/sVnLctrNyFFPERAq5gAKCUVoyqohoKYXrTpH/dkUbZO/RmHACgipFt GxtR3L6jq417jltXCWPyxlE= =nEE4 -----END PGP SIGNATURE----- --QRj9sO5tAVLaXnSD-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message