Date: Tue, 29 May 2001 17:18:19 -0400 From: Vivek Khera <khera@kcilink.com> To: stable@freebsd.org Subject: adding "noschg" to ssh and friends Message-ID: <15124.4635.887375.682204@onceler.kciLink.com>
next in thread | raw e-mail | index | archive | help
Given some recent security issues with older versions of ssh, and that some attacks involve replacing the ssh binary on compromized systems to capture additional passwords, wouldn't it be prudent to mark the ssh related binaries as schg? The rsh related ones already are so marked, and it just seems to follow to me that ssh related binaries should as well. If I set the flags manually, will it barf on make installworld next time around or does installworld unset all schg flags before installing? Perusing the makefiles, I don't see how the rsh related files have schg cleared prior to the new installation, but it must get done, right? -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D. Khera Communications, Inc. Internet: khera@kciLink.com Rockville, MD +1-240-453-8497 AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15124.4635.887375.682204>