From owner-freebsd-stable Tue May 29 15: 0: 7 2001 Delivered-To: freebsd-stable@freebsd.org Received: from yertle.kciLink.com (yertle.kcilink.com [216.194.193.105]) by hub.freebsd.org (Postfix) with ESMTP id 6D5D737B423 for ; Tue, 29 May 2001 15:00:01 -0700 (PDT) (envelope-from khera@kciLink.com) Received: from onceler.kciLink.com (onceler.kciLink.com [216.194.193.106]) by yertle.kciLink.com (Postfix) with ESMTP id 2CC922E462 for ; Tue, 29 May 2001 17:59:57 -0400 (EDT) Received: (from khera@localhost) by onceler.kciLink.com (8.11.3/8.11.3) id f4TLxvA29737; Tue, 29 May 2001 17:59:57 -0400 (EDT) (envelope-from khera) From: Vivek Khera MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15124.7132.963202.560009@onceler.kciLink.com> Date: Tue, 29 May 2001 17:59:56 -0400 To: stable@freebsd.org Subject: Re: adding "noschg" to ssh and friends In-Reply-To: <20010529145609.A1209@xor.obsecurity.org> References: <15124.4635.887375.682204@onceler.kciLink.com> <20010529145609.A1209@xor.obsecurity.org> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG >>>>> "KK" == Kris Kennaway writes: >> marked, and it just seems to follow to me that ssh related binaries >> should as well. KK> No; schg isn't a security feature, at best it's an anti-foot-shooting KK> feature to prevent accidental trashing of the file. I disagree. If my machine is at securelevel > 0, schg is a damned fine security mesasure to protect sensitive programs from being trojaned. There's just no way around it short of having access to the console. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message