Date: Thu, 3 Jun 1999 14:33:05 -0400
From: Garance A Drosihn <drosih@rpi.edu>
To: Unknow User <kernel@tdnet.com.br>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH2 (in FreeBSD-Questions)
Message-ID: <v04011702b37c79bbd872@[128.113.24.47]>
In-Reply-To: <375693C1.68C59211@tdnet.com.br>
References: <Pine.BSF.3.96.990603133742.8776C-100000@jade.chc-chimes.com>
At 2:40 PM +0000 6/3/99, Unknow User wrote:
>Bill Fumerola wrote:
>
>> Manually apply the patch or use the source and figure it out for yourself.
>>
>> Stop doing things the hard way just for a false sense of security.
>                                            ^^^^^^^^^^^^^^^^^^^^^^^
>
>The problem is that we never know what SUID, port will install!
>It happens that other has the same "false sense of security" I have:

Yes, so instead of using the port collection, you went ahead and
installed ssh2 without any FreeBSD-specific updates, and you were
quite willing to run that program as super-user even though you
clearly don't have a clue what it does, what it *needs* to do
under FreeBSD, or even what you are doing.

This is known as a false sense of security.

>The problem is that we never know what SUID, port will install!

To answer this in another way, if you did know what you were
doing, you would realize that the system checks for setuid
programs every day, and sends email to root if some change
occurs among setuid programs. You could monitor that email,
and then you WOULD know what setuid programs were installed
by a port.

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
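The daily check mentioned in the message amounts to listing setuid/setgid files and diffing that list against the previous run. The following is an added example of that technique, not part of the original message and not FreeBSD's own periodic script; the function names and the state-file names are assumptions.

```shell
#!/bin/sh
# Added example: snapshot-and-diff of setuid/setgid files.
# list_setid, check_setid and the setid.* file names are hypothetical.

# list_setid DIR
# One "ls -ln" line per setuid or setgid regular file under DIR, staying on
# DIR's filesystem, sorted by path so that diffs stay stable between runs.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ln {} + 2>/dev/null | sort -k 9
}

# check_setid DIR STATE
# Compare the current listing with the one saved in STATE.
# Returns 0 on the first run (baseline recorded) or when nothing changed,
# 1 when the listing differs (diff printed), 2 if STATE cannot be created.
check_setid() {
    dir=$1
    state=$2
    mkdir -p "$state" || return 2
    cur="$state/setid.today"
    new="$state/setid.new"

    list_setid "$dir" > "$new"

    if [ ! -f "$cur" ]; then
        mv "$new" "$cur"            # first run: record the baseline only
        return 0
    fi
    if cmp -s "$cur" "$new"; then
        rm -f "$new"                # no change since the last run
        return 0
    fi

    # "<" lines were in the old listing, ">" lines are new or modified:
    # mode, owner, size and mtime changes all show up here.
    echo "setuid/setgid diffs under $dir:"
    diff "$cur" "$new" | grep '^[<>]'
    mv "$cur" "$state/setid.yesterday"
    mv "$new" "$cur"
    return 1
}

# When invoked as "script DIR STATE" (for example from root's crontab, where
# cron mails any output to the job owner), run one check.
if [ "$#" -eq 2 ]; then
    check_setid "$1" "$2"
fi
```

Running it before and after installing a port shows exactly which setuid or setgid files the install added or changed.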