Re: comments on handbook chapter
- From: Tom Rhodes <trhodes@xxxxxxxxxxx>
- Date: Thu, 7 Sep 2006 07:40:07 -0400
On Thu, 07 Sep 2006 13:21:37 +0200
des@xxxxxx (Dag-Erling Smørgrav) wrote:
"Travis H." <solinym@xxxxxxxxx> writes:
``You do not want to overbuild your security or you will interfere
with the detection side, and detection is one of the single most
important aspects of any security mechanism. For example, it makes
little sense to set the schg flag (see chflags(1)) on every system
binary because while this may temporarily protect the binaries, it
prevents an attacker who has broken in from making an easily
detectable change that may result in your security mechanisms not
detecting the attacker at all.''
Uh? Since when do we have crap like that in the handbook? It should
be removed with extreme prejudice.
Grepping three of these lines, I cannot find it. Tell me Travis,
what URL did you read this from?
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Prev by Date: Re: Getting GELI Keys from Floppy
- Next by Date: Re: Getting GELI Keys from Floppy
- Previous by thread: Re: comments on handbook chapter
- Next by thread: Re: comments on handbook chapter