Date: Tue, 29 May 2001 15:11:51 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: Vivek Khera <khera@kcilink.com> Cc: stable@FreeBSD.ORG Subject: Re: adding "noschg" to ssh and friends Message-ID: <200105292211.f4TMBpB30316@earth.backplane.com> References: <15124.4635.887375.682204@onceler.kciLink.com> <20010529145609.A1209@xor.obsecurity.org> <15124.7132.963202.560009@onceler.kciLink.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:>> marked, and it just seems to follow to me that ssh related binaries :>> should as well. : :KK> No; schg isn't a security feature, at best it's an anti-foot-shooting :KK> feature to prevent accidental trashing of the file. : :I disagree. If my machine is at securelevel > 0, schg is a damned :fine security mesasure to protect sensitive programs from being :trojaned. There's just no way around it short of having access to the :console. I have to disagree with your disagreement. Short of making every single program and configuration file in the entire system schg, all that happens is that the hacker trojans your machine some other (and possibly less detectable) way. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105292211.f4TMBpB30316>