> Maybe you missed something - you cannot change flags when your system
> has security level (kern.securelevel) raised above 0.
Nobody missed that since anyone can
easily install default freebsd and observe...
$ sysctl kern.securelevel
kern.securelevel: -1
SECURITY(7) - introduction to security
On 12/11/2021 22:33, grarpamp wrote:
Flags are not security since root will bypass everything.
Maybe you missed something - you cannot change flags when your system
has security level (kern.securelevel) raised above 0. And this level
cannot be lowered on running system, only at boot time. Als
On Fri, Nov 12, 2021 at 09:04:47PM +0100, Herbert J. Skuhra wrote:
> On Fri, 12 Nov 2021 20:22:38 +0100, "Herbert J. Skuhra" wrote:
> >
> > Hi!
> >
> > # uname -rms
> > FreeBSD 12.2-RELEASE-p10 amd64
> >
> > # cd tmp
> > # fetch
> > https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/b
Flags are not security since root will bypass everything.
While some may beg for anti-footshooting, but
where might that cry end up... chflags -Rhx schg / .
Nor should freebsd fill that role when local admins
know best for and given their own individual environments.
If local tendency is to run aro
On Fri, 12 Nov 2021 20:22:38 +0100, "Herbert J. Skuhra" wrote:
>
> Hi!
>
> # uname -rms
> FreeBSD 12.2-RELEASE-p10 amd64
>
> # cd tmp
> # fetch https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz
> # tar -xzvf base.txz
> # find . -flags schg
> ./sbin/init
> ./var/empty
> ./usr/
Hi!
# uname -rms
FreeBSD 12.2-RELEASE-p10 amd64
# cd tmp
# fetch https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz
# tar -xzvf base.txz
# find . -flags schg
./sbin/init
./var/empty
./usr/bin/opieinfo
./usr/bin/passwd
./usr/bin/su
./usr/bin/chpass
./usr/bin/opiepasswd
./usr/bin
