CD installation and file flags

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Mon Feb 13 07:21:56 PST 2006


Alex Renn <ray at TXnet.com> writes:

> Hello Lowell Gilbert!

Hello!

[Don't top-post, please.]

> SUID/SGID files in my default installation do not have any flags set:
> 
> $ uname -a
> FreeBSD  6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov  3 09:36:13 UTC 2005     root at x64.samsco.home:/usr/obj/usr/src/sys/GENERIC  i386
> $ ls -alo `which su`
> -r-sr-xr-x  1 root  wheel  - 11992 Nov  3 08:11 /usr/bin/su
> 
> That's why I'm asking about this.
> I think there should be some flags set by default.

Hmm, yes.  The distribution tar files don't seem to have flags set.
The tar documentation claims that it can handle file flags, but
I've never tried it (the GNU tar, which FreeBSD used until fairly
recently, does not).  From a quick look, the missing flags seem to
be an artifact of the packaging process.  Sorry about missing that
earlier; flags are set on suid files by the source build/install
process, and I haven't done a new install in a long time.

If you source-upgrade the system, you'll get the flags set.
However, if you are interested in this as a security measure, I
recommend setting up your own mtree(1) specification to set the
flags that *you* want.  That will also allow you to use that same
specification to check that the flags have remained the way you
want them set.

Good luck.
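
A sketch of the mtree approach suggested above, as an added example that is not part of the original message: it turns `ls -lo` output into mtree spec entries for set-uid/set-gid files and lists the ones currently missing the wanted flag. The function names, the choice of `schg` as the wanted flag, the use of full-path spec entries, and the sample listing (constructed) are assumptions of this example.

```shell
#!/bin/sh
# Example policy (assumption): every set-id file should carry this flag.
WANT_FLAGS="${WANT_FLAGS:-schg}"

# Constructed sample in the `ls -lo` layout quoted in the thread:
# mode links owner group flags size month day time path ("-" = no flags).
sample_listing() {
cat <<'EOF'
-r-sr-xr-x  1 root  wheel  - 11992 Nov  3 08:11 /usr/bin/su
-r-xr-sr-x  1 root  tty  schg 9412 Nov  3 08:11 /usr/bin/write
-r-xr-xr-x  1 root  wheel  - 4620 Nov  3 08:11 /usr/bin/true
EOF
}

# Emit one mtree full-path entry per set-uid/set-gid regular file on stdin.
setid_spec() {
awk -v want="$WANT_FLAGS" '
function special(i) { return i == 2 ? 2048 : (i == 5 ? 1024 : 512) }
function octal(m,   i, c, v, w) {
    v = 0; w = 256
    for (i = 0; i < 9; i++) {
        c = substr(m, i + 2, 1)
        if (c ~ /[rwx]/) v += w
        else if (c ~ /[st]/) v += w + special(i)
        else if (c ~ /[ST]/) v += special(i)
        w /= 2
    }
    return sprintf("%04o", v)
}
$1 ~ /^-..[sS]|^-.....[sS]/ {
    printf ".%s type=file uname=%s gname=%s mode=%s flags=%s\n", $10, $3, $4, octal($1), want
}'
}

# List set-id files whose current flags column does not include WANT_FLAGS.
setid_unflagged() {
awk -v want="$WANT_FLAGS" '
$1 ~ /^-..[sS]|^-.....[sS]/ && ("," $5 ",") !~ ("," want ",") { print $10 }'
}

# On FreeBSD, feed real data instead of the sample (assumed usage), e.g.:
#   find /usr/bin -type f \( -perm -4000 -o -perm -2000 \) -exec ls -lo {} + | setid_spec > setid.mtree
#   mtree -e -p / -f setid.mtree    # report files that drifted from the spec
sample_listing | setid_spec
sample_listing | setid_unflagged
```

Paths containing whitespace are not handled by this field-based parsing; keep the generated spec somewhere the monitored system cannot rewrite it.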

