From: Vivek Khera
Date: Tue, 29 May 2001 17:18:19 -0400
To: stable@freebsd.org
Subject: adding "noschg" to ssh and friends
Message-ID: <15124.4635.887375.682204@onceler.kciLink.com>

Given some recent security issues with older versions of ssh, and that some attacks involve replacing the ssh binary on compromised systems to capture additional passwords, wouldn't it be prudent to mark the ssh related binaries as schg? The rsh related ones already are so marked, and it just seems to follow to me that ssh related binaries should as well.

If I set the flags manually, will it barf on make installworld next time around or does installworld unset all schg flags before installing? Perusing the makefiles, I don't see how the rsh related files have schg cleared prior to the new installation, but it must get done, right?

-- 
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-240-453-8497
AIM: vivekkhera  Y!: vivek_khera  http://www.khera.org/~vivek/