From owner-freebsd-stable  Tue May 29 17:26:22 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-66.dsl.lsan03.pacbell.net [63.207.60.66])
	by hub.freebsd.org (Postfix) with ESMTP id D0C3337B423
	for <stable@FreeBSD.ORG>; Tue, 29 May 2001 17:26:17 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id E8768671A4; Tue, 29 May 2001 17:26:16 -0700 (PDT)
Date: Tue, 29 May 2001 17:26:16 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Vivek Khera <khera@kcilink.com>
Cc: stable@FreeBSD.ORG
Subject: Re: adding "noschg" to ssh and friends
Message-ID: <20010529172616.A2903@xor.obsecurity.org>
References: <15124.4635.887375.682204@onceler.kciLink.com> <20010529145609.A1209@xor.obsecurity.org> <15124.7132.963202.560009@onceler.kciLink.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="T4sUOijqQbZv57TR"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <15124.7132.963202.560009@onceler.kciLink.com>; from khera@kcilink.com on Tue, May 29, 2001 at 05:59:56PM -0400
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


--T4sUOijqQbZv57TR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, May 29, 2001 at 05:59:56PM -0400, Vivek Khera wrote:
> >>>>> "KK" =3D=3D Kris Kennaway <kris@obsecurity.org> writes:
>=20
> >> marked, and it just seems to follow to me that ssh related binaries
> >> should as well.
>=20
> KK> No; schg isn't a security feature, at best it's an anti-foot-shooting
> KK> feature to prevent accidental trashing of the file.
>=20
> I disagree.  If my machine is at securelevel > 0, schg is a damned
> fine security mesasure to protect sensitive programs from being
> trojaned.  There's just no way around it short of having access to the
> console.

Yes, there are lots of ways of removing schg flags (all involving a
reboot) unless you basically chflags -R schg /

Please consult the -security archives for a number of discussions of
this issue; it's come up several times.

It's not a totally useless security measure because I'm sure there are
some people who would be fooled by it, but it doesn't take that much
thought to get around unless you lock down your machine so tight as to
basically be un-maintainable.

Kris

--T4sUOijqQbZv57TR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7FD4oWry0BWjoQKURAsvaAKDp5rT8th1s8Bge/jOb8OBu5NW6HQCcCSMw
HQOAmB5y3ZPlAX3vH4Pt5JE=
=OpxF
-----END PGP SIGNATURE-----

--T4sUOijqQbZv57TR--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message