Date: Thu, 02 Aug 2001 01:15:57 +0100 From: Brian Somers <brian@Awfulhak.org> To: Kris Kennaway <kris@obsecurity.org> Cc: Brian Somers <brian@Awfulhak.org>, Bart Matthaei <bart@xs4nobody.nl>, Nuno Teixeira <nuno.mailinglists@pt-quorum.com>, freebsd-security@FreeBSD.ORG, brian@freebsd-services.com, brian@freebsd-services.com Subject: Re: RELEASE 4.3 -> RELENG_4_3: SUCCESSFULLY but ... Message-ID: <200108020015.f720Fv811693@hak.lan.Awfulhak.org> In-Reply-To: Message from Kris Kennaway <kris@obsecurity.org> of "Wed, 01 Aug 2001 17:10:47 PDT." <20010801171046.A85330@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, Aug 02, 2001 at 01:05:10AM +0100, Brian Somers wrote:
>
> > This just blows my mind. Not only because I can't see (for example) why=
> =20
> > rsh has schg and rshd does not, but also because
>
> It makes no sense as a security measure. It makes more sense as an
> anti-foot-shooting measure, to prevent accidental removal of critical
> binaries which are needed to get the system up and minimally running
> (init, /kernel, etc). Of course, that argument only works for some on
> that list, and the rest should probably have the flag removed.
Agreed. I'd definitely consider rshd more critical than rsh (for
people that use these programs) for example. sshd may be a good
candidate for anti-foot-shooting measures too (against it being
accidently removed, not noticed, and the box being rebooted).
> Kris
--
Brian <brian@freebsd-services.com> <brian@Awfulhak.org>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108020015.f720Fv811693>