Date: Tue, 29 May 2001 14:56:09 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Vivek Khera <khera@kcilink.com> Cc: stable@freebsd.org Subject: Re: adding "noschg" to ssh and friends Message-ID: <20010529145609.A1209@xor.obsecurity.org> In-Reply-To: <15124.4635.887375.682204@onceler.kciLink.com>; from khera@kcilink.com on Tue, May 29, 2001 at 05:18:19PM -0400 References: <15124.4635.887375.682204@onceler.kciLink.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--PNTmBPCT7hxwcZjr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, May 29, 2001 at 05:18:19PM -0400, Vivek Khera wrote: > Given some recent security issues with older versions of ssh, and that > some attacks involve replacing the ssh binary on compromized systems > to capture additional passwords, wouldn't it be prudent to mark the > ssh related binaries as schg? The rsh related ones already are so > marked, and it just seems to follow to me that ssh related binaries > should as well. No; schg isn't a security feature, at best it's an anti-foot-shooting feature to prevent accidental trashing of the file. Kris --PNTmBPCT7hxwcZjr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7FBr5Wry0BWjoQKURAr/BAJ9GXOQmC83nI/ktKGSyefAhMOMC3gCcCCN4 ZlP6gGQpZknmbgfapfqrGn0= =nKfc -----END PGP SIGNATURE----- --PNTmBPCT7hxwcZjr-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010529145609.A1209>