Date: Tue, 29 May 2001 22:10:18 -0700
From: Doug Barton <DougB@DougBarton.net>
To: Vivek Khera <khera@kcilink.com>
Cc: stable@FreeBSD.ORG
Subject: Re: adding "noschg" to ssh and friends
Message-ID: <3B1480BA.3262FBA8@DougBarton.net>
References: <15124.4635.887375.682204@onceler.kciLink.com>

Vivek Khera wrote:
>
> Given some recent security issues with older versions of ssh, and that
> some attacks involve replacing the ssh binary on compromised systems
> to capture additional passwords, wouldn't it be prudent to mark the
> ssh related binaries as schg? The rsh related ones already are so
> marked, and it just seems to follow to me that ssh related binaries
> should as well.
>
> If I set the flags manually, will it barf on make installworld next
> time around or does installworld unset all schg flags before
> installing?

It does not. As you've encountered, there will be no consensus on adding
schg to the default install of <foo>, so it's on you to adopt a suitable
local policy.