Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 May 2001 16:15:24 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Seth <seth@psychotic.aberrant.org>
Cc:        Vivek Khera <khera@kcilink.com>, stable@FreeBSD.ORG
Subject:   Re: adding "noschg" to ssh and friends
Message-ID:  <200105292315.f4TNFOu31573@earth.backplane.com>
References:  <15124.4635.887375.682204@onceler.kciLink.com> <20010529145609.A1209@xor.obsecurity.org> <15124.7132.963202.560009@onceler.kciLink.com> <200105292211.f4TMBpB30316@earth.backplane.com> <20010529183239.B14308@psychotic.aberrant.org>

next in thread | previous in thread | raw e-mail | index | archive | help

:
:Can we agree that it (that is, securelevel > 0 and schg on selected binaries)
:raises the bar a bit higher?  If so, it seems to me that it might be worth
:doing (though most appropriately on a user-by-user basis).
:
:Seth.

    Putting on my security hat... no.  All you are doing is forcing the
    hacker to use some more obscure and possibly less detectable way to
    compromise the machine.  So, in fact, you could be making the problem
    *worse*.

						-Matt

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105292315.f4TNFOu31573>