ZFS to support chflags?
rwatson at FreeBSD.org
Thu Apr 12 12:34:12 UTC 2007
On Thu, 12 Apr 2007, Bernd Walter wrote:
>> I'm not a big fan of setting these flags -- I fairly frequently run into
>> problems when I installworld an NFS root on the NFS host, then try to work
>> with it over NFS from the NFS-booted system, as the flags can't be removed
>> via NFS. They don't offer a security benefit as-installed, and perhaps
>> offer a benefit with respect to preventing people from shooting themselves
>> in the foot (or perhaps not).
> They do add security benefits for jails. E.g. hardlink system binaries over
> multiple jails flaged immuteable. No jail can compromise the data in other
> jails, while still allowing the kernel to share memory pages for it.
However, the standard installworld doesn't do this. I'm don't object to the
flags existing, it's rather that I think that the incremental benefit of the
cases where we do set them by default via installworld isn't there. If you're
going to use schg to protect jails, it basically requires setting the flag on
all the directories and files that are shared, and that wouldn't be a good
default either. :-)
Robert N M Watson
University of Cambridge
More information about the freebsd-current