From owner-freebsd-security Mon Jul 28 16:17:25 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id QAA11112 for security-outgoing; Mon, 28 Jul 1997 16:17:25 -0700 (PDT) Received: from mail.MCESTATE.COM (vince@mail.MCESTATE.COM [207.211.200.50]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA11097 for ; Mon, 28 Jul 1997 16:17:10 -0700 (PDT) Received: from localhost (vince@localhost) by mail.MCESTATE.COM (8.8.5/8.8.5) with SMTP id QAA06842; Mon, 28 Jul 1997 16:17:05 -0700 (PDT) Date: Mon, 28 Jul 1997 16:17:04 -0700 (PDT) From: Vincent Poy To: "Matthew N. Dodd" cc: security@FreeBSD.ORG, JbHunt , "[Mario1-]" Subject: Re: security hole in FreeBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Mon, 28 Jul 1997, Matthew N. Dodd wrote: =)On Mon, 28 Jul 1997, Vincent Poy wrote: =)> On Mon, 28 Jul 1997, Matthew N. Dodd wrote: =)> =)As a general rule I set all suid/sgid system executeables schg and run =)> =)with securelevel set to 1 or 2. =) ^^^^^^^^^^^^^^^^^^^^^^^^^ =)> That wouldn't do any good if the user can chflags noschg on the =)> binaries you have schg on. =) =)'man init' True but if you needed to compile -current, you would need to remove the schg flags on some binaries before the make world. Cheers, Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]