Date: Fri, 12 Nov 2021 23:29:24 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> To: grarpamp <grarpamp@gmail.com>, current@freebsd.org Subject: Re: Extracting base.txz files missing flags Message-ID: <72ea461d-6b16-a661-ac73-66aeb098208d@quip.cz> In-Reply-To: <CAD2Ti2-gL-%2Bjn949pGD9fkv_NS_ZCUqdx0S0giv=diJK0NT_1g@mail.gmail.com> References: <87fss1rxfl.wl-herbert@gojira.at> <CAD2Ti2-gL-%2Bjn949pGD9fkv_NS_ZCUqdx0S0giv=diJK0NT_1g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/11/2021 22:33, grarpamp wrote: > Flags are not security since root will bypass everything. Maybe you missed something - you cannot change flags when your system has security level (kern.securelevel) raised above 0. And this level cannot be lowered on running system, only at boot time. Also kernel modules cannot be loaded. See "man security" for more. > While some may beg for anti-footshooting, but > where might that cry end up... chflags -Rhx schg / . > Nor should freebsd fill that role when local admins > know best for and given their own individual environments. > If local tendency is to run around as root and > disrupt your filesystems so bad that even these... >> ./libexec/ld-elf.so.1 >> ./libexec/ld-elf32.so.1 > ... get routinely wrecked, then you have bigger local > problems to work on than freebsd can help you with :) Kind regards Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?72ea461d-6b16-a661-ac73-66aeb098208d>