Date:      Thu, 12 Apr 2007 13:34:11 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        ticso@cicely.de
Cc:        John Nielsen <lists@jnielsen.net>, current@FreeBSD.org
Subject:   Re: ZFS to support chflags?
Message-ID:  <20070412133301.L99718@fledge.watson.org>
In-Reply-To: <20070412112045.GR30772@cicely12.cicely.de>
References:  <200704112004.03903.lists@jnielsen.net> <20070412021645.GQ30772@cicely12.cicely.de> <20070412114135.C64803@fledge.watson.org> <20070412112045.GR30772@cicely12.cicely.de>


On Thu, 12 Apr 2007, Bernd Walter wrote:

>> I'm not a big fan of setting these flags -- I fairly frequently run into 
>> problems when I installworld an NFS root on the NFS host, then try to work 
>> with it over NFS from the NFS-booted system, as the flags can't be removed 
>> via NFS.  They don't offer a security benefit as-installed, and perhaps 
>> offer a benefit with respect to preventing people from shooting themselves 
>> in the foot (or perhaps not).
>
> They do add security benefits for jails. E.g. hardlink system binaries over 
> multiple jails flagged immutable. No jail can compromise the data in other 
> jails, while still allowing the kernel to share memory pages for it.

However, the standard installworld doesn't do this.  I don't object to the 
flags existing, it's rather that I think that the incremental benefit of the 
cases where we do set them by default via installworld isn't there.  If you're 
going to use schg to protect jails, it basically requires setting the flag on 
all the directories and files that are shared, and that wouldn't be a good 
default either. :-)

Robert N M Watson
Computer Laboratory
University of Cambridge
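
Added example, not part of the original message or of FreeBSD: a Python audit that finds regular files hardlinked across more than one jail root and reports those lacking the schg (system immutable) flag. It assumes the jail roots are directory trees on one filesystem; the name `audit_shared` is hypothetical, and checking the containing directories is one reading of "directories ... that are shared".

```python
import os
import stat
from collections import defaultdict

def has_schg(st):
    # st_flags exists on FreeBSD and other BSDs; elsewhere treat as no flags set.
    return bool(getattr(st, "st_flags", 0) & stat.SF_IMMUTABLE)

def audit_shared(jail_roots):
    """Return (files, dirs): paths shared between jails that lack schg."""
    seen = defaultdict(list)  # (device, inode) -> [(jail root, path), ...]
    for root in jail_roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)
                if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                    seen[(st.st_dev, st.st_ino)].append((root, path))
    bad_files, bad_dirs = set(), set()
    for links in seen.values():
        if len({root for root, _ in links}) < 2:
            continue  # hardlinked, but only inside a single jail
        for _root, path in links:
            if not has_schg(os.lstat(path)):
                bad_files.add(path)
            # Assumption: the directory holding a shared name is checked too.
            parent = os.path.dirname(path)
            if not has_schg(os.lstat(parent)):
                bad_dirs.add(parent)
    return sorted(bad_files), sorted(bad_dirs)

if __name__ == "__main__":
    import sys
    files, dirs = audit_shared(sys.argv[1:])
    for p in files:
        print("file without schg:", p)
    for p in dirs:
        print("directory without schg:", p)
```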


