Date:      Thu, 12 Apr 2007 20:12:05 +0200
From:      Bernd Walter <ticso@cicely12.cicely.de>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        John Nielsen <lists@jnielsen.net>, Robert Watson <rwatson@FreeBSD.org>, ticso@cicely.de, current@FreeBSD.org
Subject:   Re: ZFS to support chflags?
Message-ID:  <20070412181204.GC30772@cicely12.cicely.de>
In-Reply-To: <20070412172811.GA48309@xor.obsecurity.org>
References:  <200704112004.03903.lists@jnielsen.net> <20070412021645.GQ30772@cicely12.cicely.de> <20070412114135.C64803@fledge.watson.org> <20070412172811.GA48309@xor.obsecurity.org>

On Thu, Apr 12, 2007 at 01:28:11PM -0400, Kris Kennaway wrote:
> On Thu, Apr 12, 2007 at 11:42:37AM +0100, Robert Watson wrote:
> > 
> > On Thu, 12 Apr 2007, Bernd Walter wrote:
> > 
> > >On Wed, Apr 11, 2007 at 08:04:03PM -0400, John Nielsen wrote:
> > >
> > >>I just moved /usr over to a zpool on my -CURRENT system. Performance and 
> > >>stability are both excellent so far. (Thanks Pawel!) However I noticed 
> > >>that setting FS flags on files with chflags is not supported. Would it be 
> > >>feasible to add support for flags on ZFS, and if so are there plans to do 
> > >>so?
> > >>
> > >>If not (and/or in the meantime), are there any places in the base system 
> > >>where flags are required for normal operation? (/var maybe?)
> > >
> > >Some binaries have such flags set, but it is not required, otherwise 
> > >diskless NFS wouldn't work. I often see installworld warnings about being 
> > >unable to set extended flags on ld.so and others on my diskless boxes.
> > 
> > I'm not a big fan of setting these flags -- I fairly frequently run into 
> > problems when I installworld an NFS root on the NFS host, then try to work 
> > with it over NFS from the NFS-booted system, as the flags can't be removed 
> > via NFS.  They don't offer a security benefit as-installed, and perhaps 
> > offer a benefit with respect to preventing people from shooting themselves 
> > in the foot (or perhaps not).
> 
> Yeah, historical intentions notwithstanding, the real benefit of schg
> flags on critical pieces is anti foot-shooting.  e.g. you really don't
> want to accidentally delete ld-elf.so.1 or libc.so.7 or init.
> You can usually recover from this, but it can mess up your whole day
> :)

The idea is obvious, but it's not up to date to be really useful besides
a few special cases.
E.g. I don't mind losing ld-elf.so.1 if mount* and restore are lost as
well.
On the other hand we have /rescue today - schg would make way more sense
there, but it's currently unprotected.

-- 
B.Walter                http://www.bwct.de      http://www.fizon.de
bernd@bwct.de           info@bwct.de            support@fizon.de
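
An added example, not part of the original message: a small audit that reads FreeBSD `ls -lo` output and lists the files that do not carry the schg flag, covering the files named in this thread and /rescue. The function names and the sample listing are constructed for illustration; the full paths for ld-elf.so.1, libc.so.7 and init are assumed to be the usual FreeBSD locations.

```shell
#!/bin/sh
# Audit helper: print every path in `ls -lo` output that lacks the schg flag.
# FreeBSD `ls -lo` columns:
#   mode links owner group flags size month day time-or-year name
# The flags column is "-" when no flags are set, or a comma-separated list.

missing_schg() {
    awk 'NF >= 10 {
        n = split($5, flags, ",")
        has = 0
        for (i = 1; i <= n; i++)
            if (flags[i] == "schg") has = 1   # exact match: uchg does not count
        if (!has) print $10
    }'
}

# Constructed sample listing (sizes, dates and link counts are made up).
sample_listing() {
cat <<'EOF'
-r-xr-xr-x    1 root  wheel  schg        250000 Apr 12  2007 /libexec/ld-elf.so.1
-r--r--r--    1 root  wheel  schg,nodump 1100000 Apr 12  2007 /lib/libc.so.7
-r-x------    1 root  wheel  schg        600000 Apr 12  2007 /sbin/init
-r-xr-xr-x  130 root  wheel  -           4000000 Apr 12 20:12 /rescue/mount
-r-xr-xr-x  130 root  wheel  -           4000000 Apr 12 20:12 /rescue/restore
-r-xr-xr-x  130 root  wheel  uchg        4000000 Apr 12 20:12 /rescue/sh
EOF
}

# Demonstration on the constructed listing.
sample_listing | missing_schg

# On a live FreeBSD system the same function can be fed real output:
#   ls -lod /libexec/ld-elf.so.1 /lib/libc.so.7 /sbin/init /rescue/* | missing_schg
```

The parser takes the tenth column as the path, so it assumes file names without spaces, which holds for the base-system paths above.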


