Date: Fri, 1 Jun 2001 17:13:18 -0400 (EDT) From: Adrian Filipi-Martin <adrian@ubergeeks.com> To: Matt Dillon <dillon@earth.backplane.com> Cc: Mike Smith <msmith@FreeBSD.ORG>, <stable@FreeBSD.ORG> Subject: Re: adding "noschg" to ssh and friends Message-ID: <20010601170936.S23603-100000@lorax.ubergeeks.com> In-Reply-To: <200105292342.f4TNgil32170@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 29 May 2001, Matt Dillon wrote: > > : > :> :Er, Matt. I appreciate what you're trying to say, but this argument is > :> :logically invalid. You could use it to argue that any security is a bad > :> :idea because it forces people to do sneakier things. > :> > :> I have to disagree. Here, let me give a contrasting example: > : > :You're missing the point. Stop arguing with me; I agree with you. I'm > :just telling you that the logic you're using to support your arguments is > :faulty, and the argument suffers as a result. 8) > > Well, then I'm not sure what you are complaining about. Somebody > labeled 'schg' as being a security feature, and I disagreed. It > could be called a safety feature, but it certainly is not a security > feature. > > -Matt Safety features can be used to implement security features. We schg /, /bin, /sbin, /usr/lib, etc. and most of /etc including the rc* files. The fact that it slows down our admins gives me some hope that in the even if an actual break in, the hacker would be to. No, the flags are not a substitute for other security practices, but it makes it harder to do certain things that hackers would like to do if given the chance. Adrian -- [ adrian@ubergeeks.com ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010601170936.S23603-100000>