Date: Wed, 30 May 2001 01:30:34 +0200 From: "Sven Huster" <sven.huster@mailsurf.com> To: "Matt Dillon" <dillon@earth.backplane.com>, "Seth" <seth@psychotic.aberrant.org> Cc: "Vivek Khera" <khera@kcilink.com>, <stable@FreeBSD.ORG> Subject: RE: adding "noschg" to ssh and friends Message-ID: <NGEPJANEPIDHMDLBLKMDGEBBCNAA.sven.huster@mailsurf.com> In-Reply-To: <200105292315.f4TNFOu31573@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-stable@FreeBSD.ORG > [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Matt Dillon > Sent: 30 May, 2001 01:15 > To: Seth > Cc: Vivek Khera; stable@FreeBSD.ORG > Subject: Re: adding "noschg" to ssh and friends > > > *This message was transferred with a trial version of > CommuniGate(tm) Pro* > > : > :Can we agree that it (that is, securelevel > 0 and schg on > selected binaries) > :raises the bar a bit higher? If so, it seems to me that it > might be worth > :doing (though most appropriately on a user-by-user basis). > : > :Seth. > > Putting on my security hat... no. All you are doing is > forcing the > hacker to use some more obscure and possibly less > detectable way to > compromise the machine. So, in fact, you could be making > the problem > *worse*. the arguments here are a little bit funny. give the hacker the possibility otherwise he would do much more evil things. uhhh... i thought every single step to make a machine secure should be taken. regards Sven To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NGEPJANEPIDHMDLBLKMDGEBBCNAA.sven.huster>