From: Mike Smith
To: Matt Dillon
Cc: stable@FreeBSD.ORG
Subject: Re: adding "noschg" to ssh and friends
Date: Tue, 29 May 2001 16:36:27 -0700
Message-Id: <200105292336.f4TNaRT01704@mass.dis.org>
In-reply-to: Your message of "Tue, 29 May 2001 16:15:24 PDT." <200105292315.f4TNFOu31573@earth.backplane.com>

> :Can we agree that it (that is, securelevel > 0 and schg on selected binaries)
> :raises the bar a bit higher? If so, it seems to me that it might be worth
> :doing (though most appropriately on a user-by-user basis).
> :
> :Seth.
>
> Putting on my security hat... no. All you are doing is forcing the
> hacker to use some more obscure and possibly less detectable way to
> compromise the machine. So, in fact, you could be making the problem
> *worse*.

Er, Matt. I appreciate what you're trying to say, but this argument is logically invalid. You could use it to argue that any security is a bad idea because it forces people to do sneakier things.

The real reason why setting schg is bad is because it's a major pain in the arse. All security is a tradeoff against functionality/ease of use, and the proposed policy goes too far the wrong way.
Yes, there are good arguments for making it easy to lock a system down; the steps involved in this process should be considered a lot more carefully though - we're seeing a lot of armchair generalship and very little high-level thought being applied here. 8(

-- 
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also. But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view. [Dr. Fritz Todt]
V I C T O R Y N O T V E N G E A N C E