From owner-freebsd-security  Thu May 11  9:20:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.2.163])
	by hub.freebsd.org (Postfix) with ESMTP id B992637B612
	for <freebsd-security@freebsd.org>; Thu, 11 May 2000 09:20:32 -0700 (PDT)
	(envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za)
	by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1)
	id 12pvh7-000DNJ-00; Thu, 11 May 2000 18:20:13 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Paul Hart <hart@iserver.com>
Cc: Adam Laurie <adam@algroup.co.uk>, freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output 
In-reply-to: Your message of "Thu, 11 May 2000 10:03:38 CST."
             <Pine.BSF.4.21.0005110953510.8386-100000@anchovy.orem.iserver.com> 
Date: Thu, 11 May 2000 18:20:13 +0200
Message-ID: <51416.958062013@axl.ops.uunet.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Thu, 11 May 2000 10:03:38 CST, Paul Hart wrote:

> But if you have hostile local users with root access, can you even trust
> the output from /etc/security?

The nightly security run is there to assist the benevolant administrator
by highlighting things that the administrator himself (usually) has
changed that may influence the security of the system.

It is in no way suited to assisting in the tracking down of rooted
machines.

So can we let this die already?

Ciao,
Sheldon.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message