Date: Wed, 30 May 2001 10:37:13 -0400
From: Vivek Khera <khera@kcilink.com>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Seth <seth@psychotic.aberrant.org>, stable@FreeBSD.ORG
Subject: Re: adding "noschg" to ssh and friends
Message-ID: <15125.1433.517037.245078@onceler.kciLink.com>
In-Reply-To: <200105292315.f4TNFOu31573@earth.backplane.com>
References: <15124.4635.887375.682204@onceler.kciLink.com> <20010529145609.A1209@xor.obsecurity.org> <15124.7132.963202.560009@onceler.kciLink.com> <200105292211.f4TMBpB30316@earth.backplane.com> <20010529183239.B14308@psychotic.aberrant.org> <200105292315.f4TNFOu31573@earth.backplane.com>

>>>>> "MD" == Matt Dillon <dillon@earth.backplane.com> writes:

MD> Putting on my security hat... no. All you are doing is forcing the
MD> hacker to use some more obscure and possibly less detectable way to
MD> compromise the machine. So, in fact, you could be making the problem
MD> *worse*.

I guess in general, that may be correct. But wouldn't you want some
reassurance that your only "secure" connection to the machine is not
tampered with? That is, if your machine is compromised, and the only
way you can connect to it is via a trojaned service, then you're
really hosed. I think ssh should be protected from this type of
attack.

In any case, what about my other question? If I "schg" the ssh
related executables and libs, will installworld croak or does it know
to noschg all files first? I can't see that it does it even for the
binaries that are schg in the system already (like rsh).

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message