Re: comments on handbook chapter
- From: Tom Rhodes <trhodes@xxxxxxxxxxx>
- Date: Thu, 7 Sep 2006 07:40:07 -0400
On Thu, 07 Sep 2006 13:21:37 +0200
des@xxxxxx (Dag-Erling Smørgrav) wrote:
"Travis H." <solinym@xxxxxxxxx> writes:
``You do not want to overbuild your security or you will interfere
with the detection side, and detection is one of the single most
important aspects of any security mechanism. For example, it makes
little sense to set the schg flag (see chflags(1)) on every system
binary because while this may temporarily protect the binaries, it
prevents an attacker who has broken in from making an easily
detectable change that may result in your security mechanisms not
detecting the attacker at all.''
Uh? Since when do we have crap like that in the handbook? It should
be removed with extreme prejudice.
Grepping three of these lines, I cannot find it. Tell me Travis,
what URL did you read this from?
--
Tom Rhodes
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: comments on handbook chapter
- From: Dag-Erling Smørgrav
- Re: comments on handbook chapter
- From: mal content
- Re: comments on handbook chapter
- References:
- comments on handbook chapter
- From: Travis H.
- Re: comments on handbook chapter
- From: Dag-Erling Smørgrav
- comments on handbook chapter
- Prev by Date: Re: Getting GELI Keys from Floppy
- Next by Date: Re: Getting GELI Keys from Floppy
- Previous by thread: Re: comments on handbook chapter
- Next by thread: Re: comments on handbook chapter
- Index(es):
Relevant Pages
|
