[nycbug-talk] security advisory
spork at bway.net
Thu Jan 19 15:46:44 EST 2006
On Thu, 19 Jan 2006, Isaac Levy wrote:
> Hi Charles,
> On Jan 19, 2006, at 3:10 PM, Charles Sprickman wrote:
>> I'm logging into all my jail boxes and running "chflags -R noschg /", since
>> securelevels are now officially useless.
>> Onion, shmonion!
I'm just having fun with Theo's "securelevels are useless" response. They
may not be a perfect solution, but to just discard the whole idea (flaws
and all), you lose a layer of security. Layers are good.
> ? Well, you'd have to mount some other filesystem on top of the files you
> wish to circumvent first?
> Unless I'm missing something truly awful here...
I think I'm missing something too... The example shows someone nfs
mounting a directory over an existing, populated directory. The guy is
then shocked that the flags from the files under that filesystem do not
show up??? I don't think I'd expect that. Is he suggesting that changes
made to the nfs mounted directory will somehow remain after the nfs dir is
If this is all the fuss, then I guess I understand why Theo is going into
"shut up and go away" mode.
More information about the talk