From owner-freebsd-security Wed Mar 1 12: 2:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 8C0F837C4E4 for ; Wed, 1 Mar 2000 12:01:40 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id NAA33977; Wed, 1 Mar 2000 13:01:33 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id NAA96951; Wed, 1 Mar 2000 13:01:24 -0700 (MST) Message-Id: <200003012001.NAA96951@harmony.village.org> To: Andrey Novikov Subject: Re: schg flag Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Tue, 29 Feb 2000 21:40:00 +0300." <00022921443000.05868@novikov.web2000.ru> References: <00022921443000.05868@novikov.web2000.ru> Date: Wed, 01 Mar 2000 13:01:24 -0700 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <00022921443000.05868@novikov.web2000.ru> Andrey Novikov writes: : Hello, : : It seems to me that it will be more secure for my : public server to say at least: : : chflags schg /bin/* : chflags schg /sbin/* : chflags schg /usr/bin/* : chflags schg /usr/sbin/* : chflags schg /usr/local/bin/* : chflags schg /usr/local/sbin/* : : to prevent any troyans in my system binaries, am I wrong? It will make the much less likely to happen, but you've forgotten all the /etc/rc* scripts, which can be used to drive a torjan truck through the secure level stuff. : Would it confuse future makeworlds on that system? Don't know. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message