Date: Wed, 30 May 2001 10:14:14 +0100 From: Simon Loader <simon@herculeez.com> Cc: stable@FreeBSD.ORG Subject: Re: adding "noschg" to ssh and friends Message-ID: <3B14B9E6.4D5E4CF6@herculeez.com> References: <200105292336.f4TNaRT01704@mass.dis.org> <200105292334.f4TNYKg31968@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I have to disagree. Here, let me give a contrasting example: > > * you schg a binary > * hacker breaks root > * hacker is unable to modify binary. Whoopie. Hacker decides to rm -rf > your data files instead. So they change sshd start up script, hack peoples paths so they run the hackers version of stuff. Modify the startup scripts to change security level ( this is possible isnt it???) and then change the file. if you schg one file you start having to do everything and then it becomes unmanageable. -- Simon Loader (side note on nis last time I was a nis admin (5 yrs ago?) when root on a one box I could su to another user (say an admin user) and then change there start up scripts. So I dont think NIS is that brilliant) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B14B9E6.4D5E4CF6>