From owner-freebsd-security Thu May 11 19:48:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by hub.freebsd.org (Postfix) with ESMTP id 21A6037B789 for ; Thu, 11 May 2000 19:48:46 -0700 (PDT) (envelope-from shalunov@att.net) Received: from sharik.worldnet.att.net ([12.68.38.143]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.02.39 201-229-119-122) with ESMTP id <20000512024844.NDDA3646.mtiwmhc23.worldnet.att.net@sharik.worldnet.att.net>; Fri, 12 May 2000 02:48:44 +0000 Received: (from shalunov@localhost) by sharik.worldnet.att.net (8.9.2/8.9.2) id WAA00497; Thu, 11 May 2000 22:48:42 -0400 (EDT) (envelope-from shalunov) To: "Jeffrey J. Mountin" Cc: freebsd-security@freebsd.org Subject: Re: envy.vuurwerk.nl daily run output References: <20000509150609.L42267@vuurwerk.nl> <4.3.2.20000511192741.00c24ac0@207.227.119.2> From: stanislav shalunov Date: 11 May 2000 22:48:41 -0400 In-Reply-To: "Jeffrey J. Mountin"'s message of "Thu, 11 May 2000 20:10:41 -0500" Message-ID: <87snvo8ovq.fsf@sharik.worldnet.att.net> Lines: 15 X-Mailer: Gnus v5.5/Emacs 20.3 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Jeffrey J. Mountin" writes: > You could always force the ownership of .ssh/ and any files under it > to root. But the owner of the home directory can just "mv .ssh ssh-forget-me". If the user already has an authorized_keys file, he'd probably notice. Otherwise, especially if he doesn't ssh out from that machine or it has a good known_hosts file it can go unnoticed. Or did you mean "...and check that ownership didn't change daily"? (They could move the directories around daily, too.) -- stanislav shalunov | Speaking only for myself. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message