Re: Extracting base.txz files missing flags
- In reply to: Miroslav Lachman : "Re: Extracting base.txz files missing flags"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 12 Nov 2021 23:40:21 UTC
> Maybe you missed something - you cannot change flags when your system > has security level (kern.securelevel) raised above 0. Nobody missed that since anyone can easily install default freebsd and observe... $ sysctl kern.securelevel kern.securelevel: -1 SECURITY(7) - introduction to security under FreeBSD The security levels are: -1 Permanently insecure mode - always run the system in insecure mode. This is the default initial value. Thus they have no effect as shipped. Nor do the schg'd files posted interact jointly with securelevels to produce more security together. They're just a list of arbitrarily chosen anti-footshooters, and anti-malware and other security theatre, that don't really need to be managed by freebsd as such. Though the handbook security section could point to some port/pkg/mtree's if some users wanted to try making some offerings there. It would also be foolish to presume or suggest, without at least continuous formal verification etc, that any of today's OS cannot be compromised, regardless of whatever options are enabled. Even then, you have the problem of all the secret blackbox hardware aka CPU / NIC they all run on... #OpenFabs #OpenHW #OpenAudit .