Date: Tue, 16 Jul 1996 18:12:41 -0400
From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
To: David McNab <mcnab@bayarea.net>
Cc: kelly@fsl.noaa.gov, black@MR.Net, questions@FreeBSD.ORG
Subject: Re: can't delete rcp
Message-ID: <3178.837555161@orion.webspan.net>
In-Reply-To: Your message of "Tue, 16 Jul 1996 11:17:37 PDT." <199607161817.LAA03277@baygate.bayarea.net>

David McNab wrote in message ID
<199607161817.LAA03277@baygate.bayarea.net>:
> This "flags" thing looks like an abomination to
> me. What is the rationale behind it, and where did it
> come from?

Simple. Security. If you add a `schg' (system immutable) flag to a
file, then increase the kernel security level (currently -1 as it
causes problems in some situations) to be 1 or more, then you CANNOT
remove the flag and CANNOT change the binary without booting single
user.

So if you set schg on all the system binaries, and run at a higher
security level on your servers, the security is increased quite a bit
... of course, even this should make you sleep easy at nights if you
haven't taken other precautions too...

Gary
--
Gary Palmer                                FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
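
Added example, not part of the message above and not FreeBSD project code: a small audit helper for the schg-plus-securelevel setup the message describes. It reports which listed binaries lack `schg` and whether the security level makes the flag binding; the listing is a constructed sample, and on a FreeBSD host the inputs are assumed to come from `ls -lo` and `sysctl -n kern.securelevel`.

```shell
#!/bin/sh
# Audit helper for the schg + securelevel setup (added example).
# Assumption: paths contain no spaces, as is normal for system binaries.

# Constructed sample of `ls -lo` output. File flags are the 5th column;
# "-" means no flags, several flags are comma-separated.
SAMPLE_LS='-r-xr-xr-x  1 root  wheel  schg          45056 Jul 16  1996 /bin/rcp
-r-xr-xr-x  1 root  wheel  -            180224 Jul 16  1996 /bin/sh
-r-sr-xr-x  1 root  wheel  schg,nodump   28672 Jul 16  1996 /usr/bin/su
-r-xr-xr-x  1 root  wheel  uchg          12288 Jul 16  1996 /sbin/init'

# Read `ls -lo` lines on stdin; print each regular file without schg.
missing_schg() {
    awk '$1 ~ /^-/ && NF >= 10 {
        n = split($5, flags, ",")
        has = 0
        for (i = 1; i <= n; i++) if (flags[i] == "schg") has = 1
        if (!has) print $NF
    }'
}

# Succeeds when the given securelevel is 1 or more, the point at which
# the flag can no longer be removed without booting single user.
flags_enforced() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# $1 = securelevel, stdin = `ls -lo` output.
audit_report() {
    if flags_enforced "$1"; then
        echo "securelevel=$1: schg cannot be cleared without booting single user"
    else
        echo "securelevel=$1: root can still clear schg (chflags noschg)"
    fi
    missing_schg | sed 's/^/no schg: /'
}

# Run against the constructed sample at the default level named in the message.
printf '%s\n' "$SAMPLE_LS" | audit_report -1
```

A `uchg` file is reported too, since the user-immutable flag is not the system-immutable flag the message relies on.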