Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 7 Sep 2006 07:40:07 -0400
From:      Tom Rhodes <trhodes@FreeBSD.org>
To:        des@des.no (Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?=)
Cc:        freebsd-security@FreeBSD.org, solinym@gmail.com
Subject:   Re: comments on handbook chapter
Message-ID:  <20060907074007.5bc2c91e.trhodes@FreeBSD.org>
In-Reply-To: <86ejun53cu.fsf@dwp.des.no>
References:  <d4f1333a0609061905y709843ecm454509067925a7ca@mail.gmail.com> <86ejun53cu.fsf@dwp.des.no>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 07 Sep 2006 13:21:37 +0200
des@des.no (Dag-Erling Sm=F8rgrav) wrote:

> "Travis H." <solinym@gmail.com> writes:
> > ``You do not want to overbuild your security or you will interfere
> > with the detection side, and detection is one of the single most
> > important aspects of any security mechanism. For example, it makes
> > little sense to set the schg flag (see chflags(1)) on every system
> > binary because while this may temporarily protect the binaries, it
> > prevents an attacker who has broken in from making an easily
> > detectable change that may result in your security mechanisms not
> > detecting the attacker at all.''
>=20
> Uh?  Since when do we have crap like that in the handbook?  It should
> be removed with extreme prejudice.
>=20

Grepping three of these lines, I cannot find it.  Tell me Travis,
what URL did you read this from?

--=20
Tom Rhodes



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060907074007.5bc2c91e.trhodes>