From owner-freebsd-security Thu Jun 26 18:22:20 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id SAA25164 for security-outgoing; Thu, 26 Jun 1997 18:22:20 -0700 (PDT) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA25159 for ; Thu, 26 Jun 1997 18:22:17 -0700 (PDT) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.8.5/8.8.5) id VAA28046; Thu, 26 Jun 1997 21:22:13 -0400 (EDT) Date: Thu, 26 Jun 1997 21:22:13 -0400 (EDT) From: Garrett Wollman Message-Id: <199706270122.VAA28046@khavrinen.lcs.mit.edu> To: Frank McCormick Cc: freebsd-security@FreeBSD.ORG Subject: Minimum files for operation In-Reply-To: <199706270029.RAA12178@angel.readybox.com> References: <199706270029.RAA12178@angel.readybox.com> Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk < said: > The security-related literature I've been through emphasizes the > need to secure the hosts themselves, partly through removing any > unneeded files. This may have made sense in the past, when it was difficult to get a binary from one place to another and have it still work. This is no longer the case; any attacker could simply create appropriate versions of the binaries that he needs to do his dirty work. It's probably more useful, instead, to learn how to use the security features of the operating system to keep log files and system binaries secure from inappropriate modification. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick