From: Tom Rhodes
To: des@des.no (Dag-Erling Smørgrav)
Cc: freebsd-security@FreeBSD.org, solinym@gmail.com
Date: Thu, 7 Sep 2006 07:40:07 -0400
Subject: Re: comments on handbook chapter
Message-Id: <20060907074007.5bc2c91e.trhodes@FreeBSD.org>
In-Reply-To: <86ejun53cu.fsf@dwp.des.no>
Organization: The FreeBSD Project

On Thu, 07 Sep 2006 13:21:37 +0200
des@des.no (Dag-Erling Smørgrav) wrote:

> "Travis H." writes:
> > ``You do not want to overbuild your security or you will interfere
> > with the detection side, and detection is one of the single most
> > important aspects of any security mechanism. For example, it makes
> > little sense to set the schg flag (see chflags(1)) on every system
> > binary because while this may temporarily protect the binaries, it
> > prevents an attacker who has broken in from making an easily
> > detectable change that may result in your security mechanisms not
> > detecting the attacker at all.''
>
> Uh? Since when do we have crap like that in the handbook? It should
> be removed with extreme prejudice.
>

Grepping three of these lines, I cannot find it. Tell me Travis,
what URL did you read this from?

-- 
Tom Rhodes