Date: Tue, 29 May 2001 15:11:51 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
To: Vivek Khera <khera@kcilink.com>
Cc: stable@FreeBSD.ORG
Subject: Re: adding "noschg" to ssh and friends
Message-ID: <200105292211.f4TMBpB30316@earth.backplane.com>
References: <15124.4635.887375.682204@onceler.kciLink.com> <20010529145609.A1209@xor.obsecurity.org> <15124.7132.963202.560009@onceler.kciLink.com>

:>> marked, and it just seems to follow to me that ssh related binaries
:>> should as well.
:
:KK> No; schg isn't a security feature, at best it's an anti-foot-shooting
:KK> feature to prevent accidental trashing of the file.
:
:I disagree. If my machine is at securelevel > 0, schg is a damned
:fine security measure to protect sensitive programs from being
:trojaned. There's just no way around it short of having access to the
:console.
I have to disagree with your disagreement. Short of making every
single program and configuration file in the entire system schg, all
that happens is that the hacker trojans your machine some other (and
possibly less detectable) way.
-Matt
