kernel file flags
M. Warner Losh
imp at bsdimp.com
Sun Dec 7 12:11:01 PST 2003
In message: <20031207193213.GD3081 at unixpages.org>
Christian Brueffer <chris at unixpages.org> writes:
: it seems that since a few weeks the schg flag is not getting set for the
: kernel and modules anymore, so they can be replaced with securelevel 1
: set.
:
: I'd consider that a bug. Was this intended?
Yes. It was done with with malice of forethought. If you want a
secure system, you need to make sure it is secure. schg is an
anti-foot shooting measure only so long as /etc/rc.d* don't have schg
on them...
Warner
More information about the freebsd-current
mailing list