Date: Wed, 30 May 2001 21:14:44 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: Seth <seth@psychotic.aberrant.org> Cc: stable@FreeBSD.ORG Subject: Re: adding "noschg" to ssh and friends Message-ID: <20010530211444.A40244@mail.webmonster.de> In-Reply-To: <20010529183239.B14308@psychotic.aberrant.org>; from seth@psychotic.aberrant.org on Tue, May 29, 2001 at 06:32:39PM -0400 References: <15124.4635.887375.682204@onceler.kciLink.com> <20010529145609.A1209@xor.obsecurity.org> <15124.7132.963202.560009@onceler.kciLink.com> <200105292211.f4TMBpB30316@earth.backplane.com> <20010529183239.B14308@psychotic.aberrant.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Seth(seth@psychotic.aberrant.org)@2001.05.29 18:32:39 +0000: > Can we agree that it (that is, securelevel > 0 and schg on selected binaries) > raises the bar a bit higher? If so, it seems to me that it might be worth > doing (though most appropriately on a user-by-user basis). there are some real high-impact tweaks to be a little bit safer from rootkits. one of them is mounting /tmp noexec. drawback: you got to remount it exec for make installworld. have fun, /k -- > die rechtschreibreform macht spas! KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/ karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46 [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7FUakM0BPTilkv0YRArkiAJ9EGKQrJ6DscL9tFDmEmK+XHEwZgQCgvVjD lebLVSQ8gQxKYPaPNemcWAI= =wTfs -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010530211444.A40244>