From owner-freebsd-security Thu Jun 24 22:48:25 1999
Date: Fri, 25 Jun 1999 00:48:16 -0500 (CDT)
From: Jason Young
To: Frank Tobin
Cc: FreeBSD-security Mailing List
Subject: Re: file flags during low securelevels

The immutable and other flags protect against accidental as well as malicious damage. If they don't do their job in low securelevels, then they don't do their job in out-of-the-box FreeBSD installations and any other installation where the admin has not or does not know to raise the securelevel.

Jason Young
ANET/accessUS Chief Network Engineer

On Fri, 25 Jun 1999, Frank Tobin wrote:

> I'm curious as to why file flags are in effect during low kernel
> securelevels ( < 1 ). Would it be undesirable to have these flags not in
> effect during low securelevels, because they can be turned off at any
> time? The reason I ask is that situations may arise where the whole
> system is simmutablized, but the administrator wants to do wide-scale
> file-replacement (e.g., make world) while the system is in single-user
> mode. Currently that would be a big PITA, since you'd have to make sure
> you unflag all files before replacing them. Also, during system bootup,
> it is not unreasonable to assume that some process would want to edit some
> files at boot time, but these files can be flagged after startup (e.g.,
> /var/log/messages rotated upon startup, but then sappend'd).
>
> Is there a performance hit I'm not thinking of here? Or could we make
> this another sysctl knob (kern.fileflagsignored) or such?
>
> --
> Frank Tobin                     "To learn what is good and what is to be
> http://www.bigfoot.com/~ftobin   valued, those truths which cannot be
>                                  shaken or changed." Myst: The Book of Atrus
> FreeBSD: The Power To Serve
>
> PGPenvelope = GPG and PGP5 + Pine              PGP: 4F86 3BBB A816 6F0A 340F
> http://www.bigfoot.com/~ftobin/resources.html       6003 56FF D10A 260C 4FA3
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message