Date: Sun, 12 Feb 2006 13:35:05 +0200 From: Alex Renn <ray@TXnet.com> To: Lowell Gilbert <freebsd-questions@freebsd.org> Cc: freebsd-questions@freebsd.org Subject: Re[2]: CD installation and file flags Message-ID: <597571270.20060212133505@TXnet.com> In-Reply-To: <44y80jyreb.fsf@be-well.ilk.org> References: <358523811.20060209192506@TXnet.com> <44y80jyreb.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Lowell Gilbert! SUID/SGID files in my default installation do not have any flags set: $ uname -a FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386 $ ls -alo `which su` -r-sr-xr-x 1 root wheel - 11992 Nov 3 08:11 /usr/bin/su That's why I'm asking about this. I think there should be some flags set by default. ====[ End of message ]==== Best Regards, Alex Renn ray@TXnet.com ===[ Original Message ]=== From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: Alex Renn <ray@TXnet.com> Subject: CD installation and file flags Date: 10.02.2006 20:56 > Alex Renn <ray@TXnet.com> writes: >> I installed FreeBSD 6.0 from CD and noticed that file flags were not >> applied by default to /boot, /bin, /sbin. > Right. suid files get the flags, but nothing else. >> I set kernel_securelevel to 3 but it does not help a lot while there >> are no schg flags on system files. > File flags are enforced at a securelevel of 1. If they are all you > care about, then there's no reason to add the filesystem mounting, > clock, and firewall restrictions of levels 2 and 3. >> Is there any script to set proper flags for all files in the default >> installation? > There is not widespread agreement on the definition of "proper" in > that sentence. Once you have a precise idea of what you think it > should be, writing a script for your particular needs will be > trivial. > Be well. ===[ End of Original Message ]===
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?597571270.20060212133505>