From owner-freebsd-security@FreeBSD.ORG Thu Sep 7 12:33:24 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A8C116A4FA for ; Thu, 7 Sep 2006 12:33:24 +0000 (UTC) (envelope-from artifact.one@googlemail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.233]) by mx1.FreeBSD.org (Postfix) with ESMTP id E1EAF43DB8 for ; Thu, 7 Sep 2006 12:32:26 +0000 (GMT) (envelope-from artifact.one@googlemail.com) Received: by wx-out-0506.google.com with SMTP id i27so220036wxd for ; Thu, 07 Sep 2006 05:32:26 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=googlemail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=qZla+lmXbGPbzmoVBNMw+KXRmfTViH864M7fZ6LtebRYGdel75dtDLnsKh+V3EnUcyaRLvUexuN9BqJhSNHgnUL7gPRbMLX9V4cwp2zcV1GczE+MDaToQUDpmpcAKRQbtT8ancmT8L5T0DewMHrHpHzLbM2uuoV6rURkFXKvqCQ= Received: by 10.90.120.6 with SMTP id s6mr147042agc; Thu, 07 Sep 2006 05:32:26 -0700 (PDT) Received: by 10.90.113.5 with HTTP; Thu, 7 Sep 2006 05:32:26 -0700 (PDT) Message-ID: <8e96a0b90609070532x3e7cde32wa31be4b88fb4bfc@mail.gmail.com> Date: Thu, 7 Sep 2006 13:32:26 +0100 From: "mal content" To: "Tom Rhodes" In-Reply-To: <20060907074007.5bc2c91e.trhodes@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <86ejun53cu.fsf@dwp.des.no> <20060907074007.5bc2c91e.trhodes@FreeBSD.org> Cc: freebsd-security@freebsd.org Subject: Re: comments on handbook chapter X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Sep 2006 12:33:24 -0000 On 07/09/06, Tom Rhodes wrote: > On Thu, 07 Sep 2006 13:21:37 +0200 > des@des.no (Dag-Erling Sm=F8rgrav) wrote: > > > "Travis H." writes: > > > ``You do not want to overbuild your security or you will interfere > > > with the detection side, and detection is one of the single most > > > important aspects of any security mechanism. For example, it makes > > > little sense to set the schg flag (see chflags(1)) on every system > > > binary because while this may temporarily protect the binaries, it > > > prevents an attacker who has broken in from making an easily > > > detectable change that may result in your security mechanisms not > > > detecting the attacker at all.'' > > > > Uh? Since when do we have crap like that in the handbook? It should > > be removed with extreme prejudice. > > > > Grepping three of these lines, I cannot find it. Tell me Travis, > what URL did you read this from? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-intro.ht= ml > > -- > Tom Rhodes