From owner-freebsd-hackers Sat Jul 10 13:51:35 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 914FE14D9B; Sat, 10 Jul 1999 13:50:55 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grondar.za (localhost [127.0.0.1]) by gratis.grondar.za (8.9.3/8.9.3) with ESMTP id WAA14139; Sat, 10 Jul 1999 22:48:55 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <199907102048.WAA14139@gratis.grondar.za> To: chris@calldei.com Cc: Ben Rosengart , "Brian F. Feldman" , hackers@FreeBSD.ORG Subject: Re: a BSD identd Date: Sat, 10 Jul 1999 22:48:53 +0200 From: Mark Murray Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > Pidentd+DES _is_ useful in the situation you mention above. It is > > on average useless to most security folk, as it can also be used > > to obfuscate the problem. Crack root on the box, and identd is no > > longer trustworthy. > > You have an interesting point, however, once a user gains root > access, nothing on the machine should be considered trustworthy. Right - but ident is an "after the fact" tool; one which at the time you really need results is at its least trustworthy. I need that like an extra hole in the head. :-) M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message