Date: Thu, 7 Sep 2006 13:32:26 +0100 From: "mal content" <artifact.one@googlemail.com> To: "Tom Rhodes" <trhodes@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: comments on handbook chapter Message-ID: <8e96a0b90609070532x3e7cde32wa31be4b88fb4bfc@mail.gmail.com> In-Reply-To: <20060907074007.5bc2c91e.trhodes@FreeBSD.org> References: <d4f1333a0609061905y709843ecm454509067925a7ca@mail.gmail.com> <86ejun53cu.fsf@dwp.des.no> <20060907074007.5bc2c91e.trhodes@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/09/06, Tom Rhodes <trhodes@freebsd.org> wrote: > On Thu, 07 Sep 2006 13:21:37 +0200 > des@des.no (Dag-Erling Sm=F8rgrav) wrote: > > > "Travis H." <solinym@gmail.com> writes: > > > ``You do not want to overbuild your security or you will interfere > > > with the detection side, and detection is one of the single most > > > important aspects of any security mechanism. For example, it makes > > > little sense to set the schg flag (see chflags(1)) on every system > > > binary because while this may temporarily protect the binaries, it > > > prevents an attacker who has broken in from making an easily > > > detectable change that may result in your security mechanisms not > > > detecting the attacker at all.'' > > > > Uh? Since when do we have crap like that in the handbook? It should > > be removed with extreme prejudice. > > > > Grepping three of these lines, I cannot find it. Tell me Travis, > what URL did you read this from? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-intro.ht= ml > > -- > Tom Rhodes
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8e96a0b90609070532x3e7cde32wa31be4b88fb4bfc>