From owner-freebsd-hackers  Mon Feb 24 14:29:54 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id OAA24242
          for hackers-outgoing; Mon, 24 Feb 1997 14:29:54 -0800 (PST)
Received: from phoenix.its.rpi.edu (dec@phoenix.its.rpi.edu [128.113.161.45])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA24237
          for <hackers@freefall.freebsd.org>; Mon, 24 Feb 1997 14:29:51 -0800 (PST)
Received: (from dec@localhost) by phoenix.its.rpi.edu (8.8.4/8.8.3) id RAA11252 for hackers@freefall.freebsd.org; Mon, 24 Feb 1997 17:30:15 -0500 (EST)
Date: Mon, 24 Feb 1997 17:30:15 -0500 (EST)
From: "David E. Cross" <dec@phoenix.its.rpi.edu>
Message-Id: <199702242230.RAA11252@phoenix.its.rpi.edu>
To: hackers@freefall.freebsd.org
Subject: Re: disabling setuid sh/csh
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I have always wondered about the ability of also storing the MD5 of all the
suid files on the system, and merge that in with the nightly security audit.

Although the real problem is still that of a compromised security database,
I cannot think of a "real" way of protecting against that.

--
David Cross
ACS Consultant