From: Michael Proto
Date: Mon, 03 Dec 2007 11:34:16 -0500
Message-ID: <47543008.7040902@jellydonut.org>
To: Anjang Aki
Cc: freebsd-stable@freebsd.org
Subject: Re: FreeBSD 6.3-PRERELEASE unable to change file permission

Anjang Aki wrote:
> hi!..
> i'm not able to change file permission to disable rlogin and
> login on my box even as root
>
> # ls -lo /usr/bin/login /usr/bin/rlogin
> -r-sr-xr-x 1 root wheel schg 19996 Dec 1 13:04 /usr/bin/login
> -r-sr-xr-x 1 root wheel schg 10140 Dec 1 13:04 /usr/bin/rlogin
>
> # chflags -R nouchg login rlogin
> chflags: /usr/bin/login: Operation not permitted
> chflags: /usr/bin/rlogin: Operation not permitted
>
> # chmod a=rx /usr/bin/login /usr/bin/rlogin
> chmod: /usr/bin/login: Operation not permitted
> chmod: /usr/bin/rlogin: Operation not permitted
>
> it makes me uneasy as my users can still use login and rlogin to gain
> access to the box
>
> my system:
> # uname -a
> FreeBSD k3.college.edu 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #1: Sun
> Dec 2 18:51:02 MYT 2007 root@college.edu:/usr/obj/usr/src/sys/EDU
> i386
>
> thanks for advice
>

It looks like these files have the system-immutable flags set (schg),
not the user-immutable (uchg). What happens if you do "chflags noschg
/usr/bin/login /usr/bin/rlogin"?

-Proto
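
Added example, not part of the original message or of FreeBSD's own tooling: a small sh/awk filter that reads `ls -lo` output and prints, for each file, which immutable flag is actually set and the `chflags` call that clears that flag, so a `nouchg` is not aimed at an `schg` file. The function names are hypothetical, the sample input is the listing quoted above, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Constructed sample input: the two `ls -lo` lines quoted in the message.
sample_listing() {
cat <<'EOF'
-r-sr-xr-x 1 root wheel schg 19996 Dec 1 13:04 /usr/bin/login
-r-sr-xr-x 1 root wheel schg 10140 Dec 1 13:04 /usr/bin/rlogin
EOF
}

# immutable_report (hypothetical name)
#   stdin : lines of `ls -lo` output
#   stdout: one line per immutable flag found, in the form
#           <scope> <flag> <path> : chflags no<flag> <path>
# Field 5 of `ls -lo` is the comma-separated flag list, "-" when empty.
immutable_report() {
    awk '
    $5 != "-" {
        n = split($5, flags, ",")
        for (i = 1; i <= n; i++) {
            f = flags[i]
            if (f == "schg") { scope = "system" }
            else if (f == "uchg") { scope = "user" }
            else { continue }   # some other flag, not an immutable one
            printf "%s %s %s : chflags no%s %s\n", scope, f, $NF, f, $NF
        }
    }'
}

# Stand-alone run over the sample listing.
sample_listing | immutable_report
```

On FreeBSD, clearing a "system" flag such as schg also requires root and a kern.securelevel of 0 or lower; a "user" flag such as uchg can be cleared by the file owner or root.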