Re: comments on handbook chapter
- From: "R. B. Rid***" <arne_woerner@xxxxxxxxx>
- Date: Fri, 8 Sep 2006 10:50:45 -0700 (PDT)
--- Bigby Findrake <bigby@xxxxxxxxxxxxx> wrote:
> On Wed, 6 Sep 2006, Travis H. wrote:
> > Hmm...
> > Wouldn't it be better to detect /and/ prevent an attempt to change the
> > system binaries?
>
> That's how I interpret that passage from the handbook - that you should
> detect *and* prevent. I'm not clear on how anyone is interpreting that
> passage to suggest that unequal weight should be given to one side or the
> other (detection vs. prevention). The above passage all but says, "don't
> do X because that will interfere with Y." I just don't see that advice as
> advocating imbalance.

I think this "schg flag"-thing should be done to all files, but invisible to a
potential attacker... <-- PROTECTION
When some attacker tries to get write access to that file or to move that file
around or so, it should result in a log message (like "BAD SU on ...")... <--
DETECTION (I think one of the first messages in this thread suggested that
already...)
And removing that flag shouldn't be possible so easily, too. Maybe just from the
physically safe console...
-Arne
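
An added example, not part of the original message or of FreeBSD: a Python check that compares two `ls -lo` listings of system binaries and reports any file that has lost its `schg` flag or changed since the baseline, which is the detection side of the prevent-and-detect pairing discussed in this thread. It also flags `kern.securelevel` below 1, where root can still clear `schg`; the listings and the helpers `parse_listing` and `audit` are constructed for illustration.

```python
# Constructed `ls -lo` samples in FreeBSD format; added example, not real host output.
BASELINE = """\
-r-xr-xr-x  1 root  wheel  schg 34280 Sep  1 02:10 /bin/ls
-r-sr-xr-x  1 root  wheel  schg 21104 Sep  1 02:10 /usr/bin/su
-r-xr-xr-x  1 root  wheel  schg 11432 Sep  1 02:10 /sbin/init
"""
CURRENT = """\
-r-xr-xr-x  1 root  wheel  schg 34280 Sep  1 02:10 /bin/ls
-r-sr-xr-x  1 root  wheel  - 21999 Sep  8 10:41 /usr/bin/su
-r-xr-xr-x  1 root  wheel  schg 11432 Sep  1 02:10 /sbin/init
"""

def parse_listing(text):
    """Map path -> attributes for each `ls -lo` line (flags are column 5)."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(None, 9)  # path is last and may contain spaces
        if len(fields) < 10:
            continue  # skip "total N" and blank lines
        mode, _links, owner, group, flags, size, mon, day, when, path = fields
        entries[path] = {
            "mode": mode,
            "owner": f"{owner}:{group}",
            "flags": set() if flags == "-" else set(flags.split(",")),
            "size": int(size),
            "mtime": f"{mon} {day} {when}",
        }
    return entries

def audit(baseline, current, securelevel):
    """Return (path, finding) pairs; hypothetical helper for this example."""
    findings = []
    if securelevel < 1:
        findings.append(("*", "securelevel < 1: root can clear schg"))
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            findings.append((path, "missing"))
            continue
        if "schg" not in new["flags"]:
            findings.append((path, "schg flag not set"))
        for key in ("mode", "owner", "size", "mtime"):
            if old[key] != new[key]:
                findings.append((path, f"{key} changed: {old[key]} -> {new[key]}"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(parse_listing(BASELINE), parse_listing(CURRENT), 1):
        print(f"{path}: {finding}")
```
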
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security