From owner-freebsd-stable  Wed May 30 10:43:20 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from nothing-going-on.demon.co.uk (pc-62-31-42-140-hy.blueyonder.co.uk [62.31.42.140])
	by hub.freebsd.org (Postfix) with ESMTP
	id A49C237B422; Wed, 30 May 2001 10:43:16 -0700 (PDT)
	(envelope-from nik@nothing-going-on.demon.co.uk)
Received: (from nik@localhost)
	by nothing-going-on.demon.co.uk (8.11.3/8.11.3) id f4UHZRI98361;
	Wed, 30 May 2001 18:35:27 +0100 (BST)
	(envelope-from nik)
Date: Wed, 30 May 2001 18:35:26 +0100
From: Nik Clayton <nik@freebsd.org>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Mike Smith <msmith@FreeBSD.ORG>, stable@FreeBSD.ORG
Subject: Re: adding "noschg" to ssh and friends
Message-ID: <20010530183526.A94961@catkin.nothing-going-on.org>
References: <200105292336.f4TNaRT01704@mass.dis.org> <200105292334.f4TNYKg31968@earth.backplane.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="AqsLC8rIMeq19msA"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200105292334.f4TNYKg31968@earth.backplane.com>; from dillon@earth.backplane.com on Tue, May 29, 2001 at 04:34:20PM -0700
Organization: FreeBSD Project <URL:http://www.freebsd.org/>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


--AqsLC8rIMeq19msA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, May 29, 2001 at 04:34:20PM -0700, Matt Dillon wrote:
> :Er, Matt.  I appreciate what you're trying to say, but this argument is=
=20
> :logically invalid.  You could use it to argue that any security is a bad=
=20
> :idea because it forces people to do sneakier things.
>=20
>     I have to disagree.  Here, let me give a contrasting example:
>=20
>     * you schg a binary
>     * hacker breaks root
>     * hacker is unable to modify binary.  Whoopie.  Hacker decides to rm =
-rf
>       your data files instead.
>=20
>     Problem:  Hacker was still able to break root.  Setting schg on the
>     file didn't save you from that.

You missed a bit.

  "Cracker is unable to modify binary.  A trojan ssh is not installed,
   meaning that your passwords are not quietly stolen.  In a fit of=20
   frustration, cracker runs rm -rf.  This is quickly detected, you
   restore from backups, no other accounts are compromised."

N
--=20
FreeBSD: The Power to Serve             http://www.freebsd.org/
FreeBSD Documentation Project           http://www.freebsd.org/docproj/

          --- 15B8 3FFC DDB4 34B0 AA5F  94B7 93A8 0764 2C37 E375 ---

--AqsLC8rIMeq19msA
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjsVLoIACgkQk6gHZCw343W4jQCfSg0CnKcwgC02ZtodpY7kll2V
ISgAn3hc5h3ydN9eKsAKCxd9XdbWFtOJ
=qONB
-----END PGP SIGNATURE-----

--AqsLC8rIMeq19msA--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message