Date:      Wed, 30 May 2001 18:35:26 +0100
From:      Nik Clayton <nik@freebsd.org>
To:        Matt Dillon <dillon@earth.backplane.com>
Cc:        Mike Smith <msmith@FreeBSD.ORG>, stable@FreeBSD.ORG
Subject:   Re: adding "noschg" to ssh and friends
Message-ID:  <20010530183526.A94961@catkin.nothing-going-on.org>
In-Reply-To: <200105292334.f4TNYKg31968@earth.backplane.com>; from dillon@earth.backplane.com on Tue, May 29, 2001 at 04:34:20PM -0700
References:  <200105292336.f4TNaRT01704@mass.dis.org> <200105292334.f4TNYKg31968@earth.backplane.com>


On Tue, May 29, 2001 at 04:34:20PM -0700, Matt Dillon wrote:
> :Er, Matt.  I appreciate what you're trying to say, but this argument is
> :logically invalid.  You could use it to argue that any security is a bad
> :idea because it forces people to do sneakier things.
>
>     I have to disagree.  Here, let me give a contrasting example:
>
>     * you schg a binary
>     * hacker breaks root
>     * hacker is unable to modify binary.  Whoopie.  Hacker decides to rm -rf
>       your data files instead.
>
>     Problem:  Hacker was still able to break root.  Setting schg on the
>     file didn't save you from that.

You missed a bit.

  "Cracker is unable to modify binary.  A trojan ssh is not installed,
   meaning that your passwords are not quietly stolen.  In a fit of
   frustration, cracker runs rm -rf.  This is quickly detected, you
   restore from backups, no other accounts are compromised."

N
-- 
FreeBSD: The Power to Serve             http://www.freebsd.org/
FreeBSD Documentation Project           http://www.freebsd.org/docproj/

          --- 15B8 3FFC DDB4 34B0 AA5F  94B7 93A8 0764 2C37 E375 ---
