Date: Tue, 29 May 2001 16:15:24 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: Seth <seth@psychotic.aberrant.org> Cc: Vivek Khera <khera@kcilink.com>, stable@FreeBSD.ORG Subject: Re: adding "noschg" to ssh and friends Message-ID: <200105292315.f4TNFOu31573@earth.backplane.com> References: <15124.4635.887375.682204@onceler.kciLink.com> <20010529145609.A1209@xor.obsecurity.org> <15124.7132.963202.560009@onceler.kciLink.com> <200105292211.f4TMBpB30316@earth.backplane.com> <20010529183239.B14308@psychotic.aberrant.org>
next in thread | previous in thread | raw e-mail | index | archive | help
:
:Can we agree that it (that is, securelevel > 0 and schg on selected binaries)
:raises the bar a bit higher? If so, it seems to me that it might be worth
:doing (though most appropriately on a user-by-user basis).
:
:Seth.
Putting on my security hat... no. All you are doing is forcing the
hacker to use some more obscure and possibly less detectable way to
compromise the machine. So, in fact, you could be making the problem
*worse*.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105292315.f4TNFOu31573>