> On Thu, Jul 09, 2015 at 10:01:01PM -0600, Theo de Raadt wrote:
> > The 4.4BSD chflags model of "security" on inodes is unmaintained, and
> > the utilization of this is not realized in OpenBSD.
> >
> > To be honest, I doubt any of us see much benefit in it, relative to
> > other features of the system. When you are holed, a few file changes
> > + a reboot can undo it, voila, no one would ever notice.
> >
> > I don't think it is more than a gimmick.
> >
> > If you use it, you really are on your own. To my knowledge, no one in
> > the development group has seriously trialed/used it in years.
>
> Could they ever be removed?

Wow, I had not considered that option.

My personal opinion is that UFS "di_flags" is an experimental hack CSRG threw into 4.4. It was supposed to tie into securelevels, but never showed fruitful results (relative to other security features) since so many filesystems lack support for it (and will forever).

I don't know the opinion of others, but suspect almost no one relies on it. Yet, it hides under the surface and many base programs can set the flags (to 0, exclusively). There are tentacles everywhere.

> From what I just read, it doesn't seem like they're standardized. Would
> the silent changes to people's file access controls be unacceptable?

Play with rsync to a msdos filesystem. I think experienced people understand what is going on, and inexperienced people need to become minimally experienced because this is a bit more than the iphone experience. Or maybe they just ignore the noise?

> If it's possible, I'm interested in trying.

Well, wait for another developer to provide their input; if it seems positive, give it a shot and let's see where it goes.

Let me say it again: there are tentacles for this everywhere. Removing it would probably require a strategy.