Исходное сообщение
"В ядро Linux 5.4 приняты патчи для ограничения доступа root ..." Отправлено анонн, 30-Сен-19 12:42
> В этом есть смысл. Не для этих ваших десктопов, но для серверов > и (как ни странно) смартфончиков. Которые настраиваются раз, а потом работают > в режиме только накатывания обновлений с / в режиме RO. Конечно есть (у некоторых "замшелых и отсталых" уже лет 20 как есть )) ) Author: rwatson <rwatson@FreeBSD.org> Date:   Wed Dec 5 18:49:20 2001 +0000     o Make kern.security.bsd.suser_enabled TUNABLE.          Requested by:   green $ sysctl -d security.bsd.suser_enabled security.bsd.suser_enabled: processes with uid 0 have privilege в связке с kern.securelevel: The security      levels are:      -1    Permanently insecure mode - always run the system in insecure mode.            This is the default initial value.      0     Insecure mode - immutable and append-only flags may be turned off.            All devices may be read or written subject to their permissions.      1     Secure mode - the system immutable and system append-only flags may            not be turned off; disks for mounted file systems, /dev/mem and            /dev/kmem may not be opened for writing <snip>      2     Highly secure mode - same as secure mode, plus disks may not be            opened for writing (except by mount(2)) whether mounted or not. <snip>            In addition, kernel time changes are restricted to less than or            equal to one second.  Attempts to change the time by more than this            will log the message “Time adjustment clamped to +1 second”.      3     Network secure mode - same as highly secure mode, plus IP packet            filter rules (see ipfw(8), ipfirewall(4) and pfctl(8)) cannot be            changed and dummynet(4) or pf(4) configuration cannot be adjusted.