From owner-freebsd-security Fri May 12 13:17:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id 9800C37C00F for ; Fri, 12 May 2000 13:16:48 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id PAA23209; Fri, 12 May 2000 15:16:45 -0500 (CDT) (envelope-from jeff-ml@mountin.net) Received: from dial-86.max1.wa.cyberlynk.net(207.227.118.86) by peak.mountin.net via smap (V1.3) id sma023206; Fri May 12 15:16:38 2000 Message-Id: <4.3.2.20000511222552.00c38dd0@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Version 4.3 Date: Thu, 11 May 2000 22:42:41 -0500 To: stanislav shalunov From: "Jeffrey J. Mountin" Subject: Re: envy.vuurwerk.nl daily run output Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <87snvo8ovq.fsf@sharik.worldnet.att.net> References: <"Jeffrey J. Mountin"'s message of "Thu, 11 May 2000 20:10:41 -0500"> <20000509150609.L42267@vuurwerk.nl> <4.3.2.20000511192741.00c24ac0@207.227.119.2> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:48 PM 5/11/00 -0400, stanislav shalunov wrote: >"Jeffrey J. Mountin" writes: > > > You could always force the ownership of .ssh/ and any files under it > > to root. > >But the owner of the home directory can just "mv .ssh ssh-forget-me". >If the user already has an authorized_keys file, he'd probably notice. >Otherwise, especially if he doesn't ssh out from that machine or it >has a good known_hosts file it can go unnoticed. Whoops, forgot to add the flag so that it could not be deleted or removed. >Or did you mean "...and check that ownership didn't change daily"? >(They could move the directories around daily, too.) No. Without the flags set, that would just create more work and do little for security. Jeff Mountin - jeff@mountin.net Systems/Network Administrator FreeBSD - the power to serve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message