Date:      Tue, 29 May 2001 16:34:20 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Mike Smith <msmith@FreeBSD.ORG>
Cc:        stable@FreeBSD.ORG
Subject:   Re: adding "noschg" to ssh and friends 
Message-ID:  <200105292334.f4TNYKg31968@earth.backplane.com>
References:   <200105292336.f4TNaRT01704@mass.dis.org>

:Er, Matt.  I appreciate what you're trying to say, but this argument is 
:logically invalid.  You could use it to argue that any security is a bad 
:idea because it forces people to do sneakier things.

    I have to disagree.  Here, let me give a contrasting example:

    * you schg a binary
    * hacker breaks root
    * hacker is unable to modify binary.  Whoopie.  Hacker decides to rm -rf
      your data files instead.

    Problem:  Hacker was still able to break root.  Setting schg on the
    file didn't save you from that.

    * you have a hole in telnetd
    * you fix the hole
    * hacker is unable to break root

    No problem.  Your solution prevented the hacker from breaking root
    in the first place.

    So what did setting schg accomplish?  Did it prevent the hacker from
    breaking into the machine?  No.  Did it prevent the hacker from
    compromising the machine?  Not unless you set schg on every single
    file and binary (even the non-suid ones) in the system!  Might it 
    cause the hacker to find some other way to compromise the machine,
    perhaps a way that your current security scripts will not detect?  
    It sure could! 

    So:  setting schg is worse than useless.

					-Matt

