CD installation and file flags
Alex Renn
ray at TXnet.com
Sun Feb 12 03:35:11 PST 2006
Hello Lowell Gilbert!
SUID/SGID files in my default installation do not have any flags set:
$ uname -a
FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root at x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
$ ls -alo `which su`
-r-sr-xr-x 1 root wheel - 11992 Nov 3 08:11 /usr/bin/su
That's why I'm asking about this.
I think there should be some flags set by default.
====[ End of message ]====
Best Regards,
Alex Renn
ray at TXnet.com
===[ Original Message ]===
From: Lowell Gilbert <freebsd-questions-local at be-well.ilk.org>
To: Alex Renn <ray at TXnet.com>
Subject: CD installation and file flags
Date: 10.02.2006 20:56
> Alex Renn <ray at TXnet.com> writes:
>> I installed FreeBSD 6.0 from CD and noticed that file flags were not
>> applied by default to /boot, /bin, /sbin.
> Right. suid files get the flags, but nothing else.
>> I set kernel_securelevel to 3 but it does not help a lot while there
>> are no schg flags on system files.
> File flags are enforced at a securelevel of 1. If they are all you
> care about, then there's no reason to add the filesystem mounting,
> clock, and firewall restrictions of levels 2 and 3.
>> Is there any script to set proper flags for all files in the default
>> installation?
> There is not widespread agreement on the definition of "proper" in
> that sentence. Once you have a precise idea of what you think it
> should be, writing a script for your particular needs will be
> trivial.
> Be well.
===[ End of Original Message ]===
More information about the freebsd-questions
mailing list