Date: Fri, 25 Jun 1999 01:02:38 -0500 (CDT) From: Jason Young <doogie@anet-stl.com> To: Frank Tobin <ftobin@bigfoot.com> Cc: FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG> Subject: Re: file flags during low securelevels Message-ID: <Pine.BSF.3.96.990625005320.25811F-100000@earth.anet-stl.com> In-Reply-To: <Pine.BSF.4.10.9906250049420.63311-100000@srh0710.urh.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 25 Jun 1999, Frank Tobin wrote: > Jason Young, at 00:48 on Fri, 25 Jun 1999, wrote: > > > The immutable and other flags protect against accidental as well as > > malicious damage. If they don't do their job in low securelevels, then > > they don't do their job in out-of-the-box FreeBSD installations and any > > other installation where the admin has not or does not know to raise the > > securelevel. > > Okay, so how about a sysctl knob for it? In what situations are you running into problems with schg/sappnd? There's only a few things that are schg/sappnd out of the box, and those targets are handled by make world and the kernel install target automatically assuming you're in an appropriate securelevel. An admin who has the knowledge, need and will to remove schg/sappnd flag protections should just do it - "chflags -R noschg nosappnd /." I'm not -opposed- to a knob, I just don't see a use for it. Jason Young ANET/accessUS Chief Network Engineer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990625005320.25811F-100000>