From owner-freebsd-hackers  Sat Jul 10 13:51:35 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id 914FE14D9B; Sat, 10 Jul 1999 13:50:55 -0700 (PDT)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by gratis.grondar.za (8.9.3/8.9.3) with ESMTP id WAA14139;
	Sat, 10 Jul 1999 22:48:55 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <199907102048.WAA14139@gratis.grondar.za>
To: chris@calldei.com
Cc: Ben Rosengart <ben@skunk.org>,
	"Brian F. Feldman" <green@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject: Re: a BSD identd 
Date: Sat, 10 Jul 1999 22:48:53 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > Pidentd+DES _is_ useful in the situation you mention above. It is
> > on average useless to most security folk, as it can also be used
> > to obfuscate the problem. Crack root on the box, and identd is no
> > longer trustworthy.
> 
>    You have an interesting point, however, once a user gains root
> access, nothing on the machine should be considered trustworthy.

Right - but ident is an "after the fact" tool; one which at the time
you really need results is at its least trustworthy. I need that like
an extra hole in the head. :-)

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message