Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 26 Jun 1997 21:22:13 -0400 (EDT)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        Frank McCormick <gfm@readybox.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Minimum files for operation
Message-ID:  <199706270122.VAA28046@khavrinen.lcs.mit.edu>
In-Reply-To: <199706270029.RAA12178@angel.readybox.com>
References:  <199706270029.RAA12178@angel.readybox.com>

next in thread | previous in thread | raw e-mail | index | archive | help
<<On Thu, 26 Jun 1997 17:29:46 -0700, Frank McCormick <gfm@readybox.com> said:

> The security-related literature I've been through emphasizes the
> need to secure the hosts themselves, partly through removing any
> unneeded files.

This may have made sense in the past, when it was difficult to get a
binary from one place to another and have it still work.  This is no
longer the case; any attacker could simply create appropriate versions
of the binaries that he needs to do his dirty work.

It's probably more useful, instead, to learn how to use the security
features of the operating system to keep log files and system binaries
secure from inappropriate modification.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706270122.VAA28046>