On Thu, 12 Apr 2007, Bernd Walter wrote:

>> I'm not a big fan of setting these flags -- I fairly frequently run into
>> problems when I installworld an NFS root on the NFS host, then try to work
>> with it over NFS from the NFS-booted system, as the flags can't be removed
>> via NFS. They don't offer a security benefit as-installed, and perhaps
>> offer a benefit with respect to preventing people from shooting themselves
>> in the foot (or perhaps not).
>
> They do add security benefits for jails. E.g. hardlink system binaries over
> multiple jails flagged immutable. No jail can compromise the data in other
> jails, while still allowing the kernel to share memory pages for it.

However, the standard installworld doesn't do this. I don't object to the flags existing, it's rather that I think that the incremental benefit of the cases where we do set them by default via installworld isn't there. If you're going to use schg to protect jails, it basically requires setting the flag on all the directories and files that are shared, and that wouldn't be a good default either. :-)

Robert N M Watson
Computer Laboratory
University of Cambridge

Received on Thu Apr 12 2007 - 10:34:12 UTC
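The coverage requirement raised in the message above (every shared directory and file needs schg, not only the handful installworld flags) can be checked mechanically. The following is an added example, not part of the original thread or of FreeBSD: the function name `missing_schg` and the idea of passing in the root of a tree intended to be shared between jails are assumptions made for illustration.

```python
import os
import stat
import sys

def missing_schg(root, lstat=os.lstat):
    """Return sorted (path, kind) pairs under root that lack the schg flag.

    Reported are every directory, and every regular file with more than one
    hard link (a file another jail may also be linked to). Files with a
    single link are not shared, so they are skipped. Symlinks are not followed.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        candidates = [dirpath] + [os.path.join(dirpath, n) for n in filenames]
        for path in candidates:
            st = lstat(path)
            # st_flags exists on FreeBSD; on platforms without file flags the
            # getattr default of 0 means "no flag set", so everything is reported.
            flags = getattr(st, "st_flags", 0)
            if flags & stat.SF_IMMUTABLE:      # SF_IMMUTABLE is chflags "schg"
                continue
            if stat.S_ISDIR(st.st_mode):
                findings.append((path, "directory"))
            elif stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                findings.append((path, "hardlinked file"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage (path is a placeholder): python3 audit.py /path/to/shared/tree
    results = missing_schg(sys.argv[1])
    for path, kind in results:
        print(f"no schg: {kind}: {path}")
    sys.exit(1 if results else 0)
```

A non-empty result means the tree does not yet meet the condition described in the message, and the exit status lets the check run from a periodic job.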
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:08 UTC