From owner-freebsd-security  Wed May 10 23:24: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.2.163])
	by hub.freebsd.org (Postfix) with ESMTP id 033F237B7E4
	for <security@freebsd.org>; Wed, 10 May 2000 23:23:53 -0700 (PDT)
	(envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za)
	by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1)
	id 12pmLz-0009wd-00; Thu, 11 May 2000 08:21:47 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Mike Nowlin <mike@argos.org>
Cc: Mike Silbersack <silby@silby.com>,
	"Chris D. Faulhaber" <jedgar@fxp.org>,
	Peter van Dijk <petervd@vuurwerk.nl>, security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output 
In-reply-to: Your message of "Thu, 11 May 2000 01:57:08 -0400."
             <Pine.LNX.4.05.10005110155420.167-100000@jason.argos.org> 
Date: Thu, 11 May 2000 08:21:47 +0200
Message-ID: <38229.958026107@axl.ops.uunet.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Thu, 11 May 2000 01:57:08 -0400, Mike Nowlin wrote:

> > I understand that diffing every user's authorized_keys would be a huge
> > pain, perhaps only root/toor need to be checked.
> 
> Or everyone in group 0 -- the people in that group should understand the
> relevance of changes in these files, and why ask for problems?

I don't think these ideas are useful for the generalized daily run.
They should remain local hacks (ideally with well-circulated patches)
until someone's done the work to make the daily security run
configurable, and even that needs patch circulation before further
discussion.

Ciao,
Sheldon.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message