On Fri, Apr 12, 2002 at 06:17:55PM -0700, Patrick R. Wade wrote: > On Fri, Apr 12, 2002 at 06:03:13PM -0700, Jacob Meuser wrote: > > > >OpenBSD 3.1 will be released June 1, 2002. Snapshots (VERY close to > >what will be the official release) are still on OpenBSD mirrors. > > > > <flamebait> > Will it still be r00table in that it supports an omnipotent root account? > </flamebait>
root doesn't have to be completely omnipotent. There's always chflags and 'sysctl -w kern.securelevel=2'. from securelevel(7) Highly secure mode may seem Draconian, but it is intended as a last line of defense should the superuser account be compromised. Its effectes preclude circumvention of file flags by direct modification of a raw disk device, or erasure of q filesystem by means of newfs. Further, it can limit the potential damage of a compromised "firewall" by prohibiting the modification of packet filter rules. Preventing the system clock from being set backwards aids in post-mortem analysis and helps ensure the integrity of logs. Precision timekeeping is not affected because the clock may still be slowed. But, in general, root isn't going anywhere in OpenBSD (anytime soon anyway). -- <[EMAIL PROTECTED]>
