From owner-freebsd-stable  Tue May 29 16:29:50 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from riker.skynet.be (riker.skynet.be [195.238.3.132])
	by hub.freebsd.org (Postfix) with ESMTP id E532337B424
	for <stable@FreeBSD.ORG>; Tue, 29 May 2001 16:29:44 -0700 (PDT)
	(envelope-from sven.huster@mailsurf.com)
Received: from venus (adsl-34261.turboline.skynet.be [217.136.5.213])
	by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with SMTP id f4TNTNs04847;
	Wed, 30 May 2001 01:29:24 +0200 (MET DST)
	(envelope-from <sven.huster@mailsurf.com>)
From: "Sven Huster" <sven.huster@mailsurf.com>
To: "Matt Dillon" <dillon@earth.backplane.com>,
	"Seth" <seth@psychotic.aberrant.org>
Cc: "Vivek Khera" <khera@kcilink.com>, <stable@FreeBSD.ORG>
Subject: RE: adding "noschg" to ssh and friends
Date: Wed, 30 May 2001 01:30:34 +0200
Message-ID: <NGEPJANEPIDHMDLBLKMDGEBBCNAA.sven.huster@mailsurf.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
In-Reply-To: <200105292315.f4TNFOu31573@earth.backplane.com>
Importance: Normal
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

> -----Original Message-----
> From: owner-freebsd-stable@FreeBSD.ORG
> [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Matt Dillon
> Sent: 30 May, 2001 01:15
> To: Seth
> Cc: Vivek Khera; stable@FreeBSD.ORG
> Subject: Re: adding "noschg" to ssh and friends
> 
> 
> *This message was transferred with a trial version of 
> CommuniGate(tm) Pro*
> 
> :
> :Can we agree that it (that is, securelevel > 0 and schg on 
> selected binaries)
> :raises the bar a bit higher?  If so, it seems to me that it 
> might be worth
> :doing (though most appropriately on a user-by-user basis).
> :
> :Seth.
> 
>     Putting on my security hat... no.  All you are doing is 
> forcing the
>     hacker to use some more obscure and possibly less 
> detectable way to
>     compromise the machine.  So, in fact, you could be making 
> the problem
>     *worse*.


the arguments here are a little bit funny.
give the hacker the possibility otherwise he would do much
more evil things. uhhh...

i thought every single step to make a machine 
secure should be taken.

regards
Sven

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message