Date: Tue, 29 May 2001 16:34:20 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: Mike Smith <msmith@FreeBSD.ORG> Cc: stable@FreeBSD.ORG Subject: Re: adding "noschg" to ssh and friends Message-ID: <200105292334.f4TNYKg31968@earth.backplane.com> References: <200105292336.f4TNaRT01704@mass.dis.org>
next in thread | previous in thread | raw e-mail | index | archive | help
:Er, Matt. I appreciate what you're trying to say, but this argument is :logically invalid. You could use it to argue that any security is a bad :idea because it forces people to do sneakier things. I have to disagree. Here, let me give a contrasting example: * you schg a binary * hacker breaks root * hacker is unable to modify binary. Whoopie. Hacker decides to rm -rf your data files instead. Problem: Hacker was still able to break root. Setting schg on the file didn't save you from that. * you have a hole in telnetd * you fix the hole * hacker is unable to break root No problem. Your solution prevented the hacker from breaking root in the first place. So what did setting schg accomplish? Did it prevent the hacker from breaking into the machine? No. Did it prevent the hacker from compromising the machine? Not unless you set schg on every single file and binary (even the non-suid ones) in the system! Might it cause the hacker to find some other way to compromise the machine, perhaps a way that your current security scripts will not detect? It sure could! So: setting schg is worse then useless. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105292334.f4TNYKg31968>