Date:      Sun, 12 Feb 2006 13:35:05 +0200
From:      Alex Renn <ray@TXnet.com>
To:        Lowell Gilbert <freebsd-questions@freebsd.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re[2]: CD installation and file flags
Message-ID:  <597571270.20060212133505@TXnet.com>
In-Reply-To: <44y80jyreb.fsf@be-well.ilk.org>
References:  <358523811.20060209192506@TXnet.com> <44y80jyreb.fsf@be-well.ilk.org>

Hello Lowell Gilbert!

SUID/SGID files in my default installation do not have any flags set:

$ uname -a
FreeBSD  6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov  3 09:36:13 UTC 2005     root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC  i386
$ ls -alo `which su`
-r-sr-xr-x  1 root  wheel  - 11992 Nov  3 08:11 /usr/bin/su

That's why I'm asking about this.
I think there should be some flags set by default.

====[ End of message ]====

    Best Regards,
    Alex Renn
    ray@TXnet.com

===[ Original Message ]===

From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: Alex Renn <ray@TXnet.com>
Subject: CD installation and file flags
Date: 10.02.2006 20:56

> Alex Renn <ray@TXnet.com> writes:

>> I installed FreeBSD 6.0 from CD and noticed that file flags were not
>> applied by default to /boot, /bin, /sbin.

> Right.  suid files get the flags, but nothing else.  

>> I set kernel_securelevel to 3 but it does not help a lot while there
>> are no schg flags on system files.

> File flags are enforced at a securelevel of 1.  If they are all you
> care about, then there's no reason to add the filesystem mounting,
> clock, and firewall restrictions of levels 2 and 3.

>> Is there any script to set proper flags for all files in the default
>> installation?

> There is not widespread agreement on the definition of "proper" in
> that sentence.  Once you have a precise idea of what you think it
> should be, writing a script for your particular needs will be
> trivial.  

> Be well.

===[ End of Original Message ]===
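
The thread turns on whether set-uid/set-gid files carry the `schg` flag. As an added example (not part of either message), this sh function reads FreeBSD `ls -lo` lines and lists the SUID/SGID regular files whose flags column lacks `schg`. Apart from the `su` line quoted above, the sample listing is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `ls -lo` output for SUID/SGID files without schg.
# On a live FreeBSD system the input could come from, for example:
#   find /bin /sbin /usr/bin -type f \( -perm -4000 -o -perm -2000 \) \
#       -exec ls -lo {} + | audit_flags

# audit_flags: stdin is `ls -lo` lines with the columns
#   mode links owner group flags size month day time path
# stdout is the path of every set-uid/set-gid regular file lacking schg.
audit_flags() {
    awk '
        # Skip "total N" lines, directories, symlinks and short lines.
        $1 !~ /^-/ || NF < 10 { next }
        {
            mode = $1; flags = $5
            # Rebuild the path in case it contains spaces.
            path = $10
            for (i = 11; i <= NF; i++) path = path " " $i
            # s or S in the owner-exec (4th) or group-exec (7th) position.
            special = (substr(mode, 4, 1) ~ /[sS]/) || (substr(mode, 7, 1) ~ /[sS]/)
            if (!special) next
            # Flags column is "-" or a comma-separated list such as "schg,uarch".
            n = split(flags, f, ",")
            has = 0
            for (i = 1; i <= n; i++) if (f[i] == "schg") has = 1
            if (!has) print path
        }'
}

# sample_listing: first line is the one from the message above,
# the remaining lines are constructed for this example.
sample_listing() {
    cat <<'EOF'
total 64
-r-sr-xr-x  1 root  wheel  - 11992 Nov  3 08:11 /usr/bin/su
-r-sr-xr-x  1 root  wheel  schg 20000 Nov  3 08:11 /usr/bin/passwd
-r-xr-sr-x  1 root  tty  - 9000 Nov  3 08:11 /usr/bin/wall
-r-xr-xr-x  1 root  wheel  - 5000 Nov  3 08:11 /bin/ls
-r-sr-xr-x  1 root  wheel  schg,uarch 7000 Nov  3 08:11 /usr/bin/example
EOF
}

sample_listing | audit_flags
```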
