From owner-freebsd-security  Thu Jun 24 22:50:11 1999
Delivered-To: freebsd-security@freebsd.org
Received: from srh0710.urh.uiuc.edu (srh0710.urh.uiuc.edu [130.126.76.32])
	by hub.freebsd.org (Postfix) with SMTP id 5429514C07
	for <freebsd-security@FreeBSD.ORG>; Thu, 24 Jun 1999 22:50:09 -0700 (PDT)
	(envelope-from ftobin@bigfoot.com)
Received: (qmail 63584 invoked by uid 1000); 25 Jun 1999 05:50:08 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 25 Jun 1999 05:50:08 -0000
Date: Fri, 25 Jun 1999 00:50:08 -0500 (CDT)
From: Frank Tobin <ftobin@bigfoot.com>
X-Sender: ftobin@srh0710.urh.uiuc.edu
To: Jason Young <doogie@anet-stl.com>
Cc: FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG>
Subject: Re: file flags during low securelevels
In-Reply-To: <Pine.BSF.3.96.990625004700.25811E-100000@earth.anet-stl.com>
Message-ID: <Pine.BSF.4.10.9906250049420.63311-100000@srh0710.urh.uiuc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jason Young, at 00:48 on Fri, 25 Jun 1999, wrote:

> The immutable and other flags protect against accidental as well as
> malicious damage. If they don't do their job in low securelevels, then
> they don't do their job in out-of-the-box FreeBSD installations and any
> other installation where the admin has not or does not know to raise the
> securelevel.

Okay, so how about a sysctl knob for it?

-- 
Frank Tobin			"To learn what is good and what is to be
http://www.bigfoot.com/~ftobin	 valued, those truths which cannot be
				 shaken or changed." Myst: The Book of Atrus
FreeBSD: The Power To Serve

PGPenvelope = GPG and PGP5 + Pine             PGP:  4F86 3BBB A816 6F0A 340F
http://www.bigfoot.com/~ftobin/resources.html       6003 56FF D10A 260C 4FA3



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message