Attachment #13340 for bug #25447

View | Details | Raw Unified | Return to bug 25447
Collapse All | Expand All




            address space on an IA32, or exactly 256MB.</para>
        </answer>
      </qandaentry>

      <qandaentry>
        <question>
          <para>Why can't I unset the <literal>schg</literal> flag?  I
            thought <username>root</username> was only constrained by
            hardware limitations!</para>
        </question>

        <answer>
          <para>Short answer: you're running at a securelevel > 0.  Lower
            the securelevel and try again.  For more information, see the
            &man.init.8; manual page.</para>

          <para>Long answer: The operating system didn't used to limit
            <username>root</username>; then the Internet changed from being
            a research network to part-time home of some unfriendly people,
            and security became a great concern.  One of the mechanisms of
            trying to enforce security is the securelevel.  Securelevel
            makes certain actions prohibited, even to
            <username>root</username>.  One of these actions is the ability
            to unset the <literal>schg</literal>, or system immutable,
            flag.</para>

          <para>This is a feature of securelevel.  The idea is to be able
            to assert certain system-critical files' (e.g., the kernel,
            &man.init.8;) integrity.  While the <literal>schg</literal>
            flag is set, the kernel will not let anyone remove or modify
            the file.  If the securelevel is set to something greater than
            0, the kernel will also prohibit everyone from unsetting the
            <literal>schg</literal> flag.</para>

          <para>
            <note>
              <para>It should also be mentioned that while the idea of
                securelevel and files that can't be modified sounds good in
                theory, it rarely helps in practice against all but the
                dumbest of attackers.  Securelevel, and hence the
                protections of <literal>schg</literal>, can be easily
                circumvented, by, e.g., rebooting the system.  Unless all
                files used during the boot process are protected, the
                attacker can possibly insert malicious code into them; and
                if they are protected, administration is made almost
                impossible without going to single-user mode.</para>

              <para>The above is but one example of the deficiencies of
                securelevel; consider yourself warned.</para>
            </note>
          </para>

          <para>For more information on securelevel, please see the
            &man.init.8; manual page.</para>
        </answer>
      </qandaentry>
    </qandaset>
  </chapter>

Return to bug 25447

Lines 6834-6839 Link Here

(-)book.sgml (+53 lines)
6834	address space on an IA32, or exactly 256MB.</para>	6834	address space on an IA32, or exactly 256MB.</para>
6835	</answer>	6835	</answer>
6836	</qandaentry>	6836	</qandaentry>
		6837
		6838	<qandaentry>
		6839	<question>
		6840	<para>Why can't I unset the <literal>schg</literal> flag? I
		6841	thought <username>root</username> was only constrained by
		6842	hardware limitations!</para>
		6843	</question>
		6844
		6845	<answer>
		6846	<para>Short answer: you're running at a securelevel > 0. Lower
		6847	the securelevel and try again. For more information, see the
		6848	&man.init.8; manual page.</para>
		6849
		6850	<para>Long answer: The operating system didn't used to limit
		6851	<username>root</username>; then the Internet changed from being
		6852	a research network to part-time home of some unfriendly people,
		6853	and security became a great concern. One of the mechanisms of
		6854	trying to enforce security is the securelevel. Securelevel
		6855	makes certain actions prohibited, even to
		6856	<username>root</username>. One of these actions is the ability
		6857	to unset the <literal>schg</literal>, or system immutable,
		6858	flag.</para>
		6859
		6860	<para>This is a feature of securelevel. The idea is to be able
		6861	to assert certain system-critical files' (e.g., the kernel,
		6862	&man.init.8;) integrity. While the <literal>schg</literal>
		6863	flag is set, the kernel will not let anyone remove or modify
		6864	the file. If the securelevel is set to something greater than
		6865	0, the kernel will also prohibit everyone from unsetting the
		6866	<literal>schg</literal> flag.</para>
		6867
		6868	<para>
		6869	<note>
		6870	<para>It should also be mentioned that while the idea of
		6871	securelevel and files that can't be modified sounds good in
		6872	theory, it rarely helps in practice against all but the
		6873	dumbest of attackers. Securelevel, and hence the
		6874	protections of <literal>schg</literal>, can be easily
		6875	circumvented, by, e.g., rebooting the system. Unless all
		6876	files used during the boot process are protected, the
		6877	attacker can possibly insert malicious code into them; and
		6878	if they are protected, administration is made almost
		6879	impossible without going to single-user mode.</para>
		6880
		6881	<para>The above is but one example of the deficiencies of
		6882	securelevel; consider yourself warned.</para>
		6883	</note>
		6884	</para>
		6885
		6886	<para>For more information on securelevel, please see the
		6887	&man.init.8; manual page.</para>
		6888	</answer>
		6889	</qandaentry>
6837	</qandaset>	6890	</qandaset>
6838	</chapter>	6891	</chapter>