Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 11 May 2000 22:42:41 -0500
From:      "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To:        stanislav shalunov <shalunov@att.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: envy.vuurwerk.nl daily run output
Message-ID:  <4.3.2.20000511222552.00c38dd0@207.227.119.2>
In-Reply-To: <87snvo8ovq.fsf@sharik.worldnet.att.net>
References:  <"Jeffrey J. Mountin"'s message of "Thu, 11 May 2000 20:10:41 -0500"> <20000509150609.L42267@vuurwerk.nl> <4.3.2.20000511192741.00c24ac0@207.227.119.2>

next in thread | previous in thread | raw e-mail | index | archive | help
At 10:48 PM 5/11/00 -0400, stanislav shalunov wrote:
>"Jeffrey J. Mountin" <jeff-ml@mountin.net> writes:
>
> > You could always force the ownership of .ssh/ and any files under it
> > to root.
>
>But the owner of the home directory can just "mv .ssh ssh-forget-me".
>If the user already has an authorized_keys file, he'd probably notice.
>Otherwise, especially if he doesn't ssh out from that machine or it
>has a good known_hosts file it can go unnoticed.

Whoops, forgot to add the flag so that it could not be deleted or removed. 
<sigh>

>Or did you mean "...and check that ownership didn't change daily"?
>(They could move the directories around daily, too.)

No.  Without the flags set, that would just create more work and do little 
for security.


Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.20000511222552.00c38dd0>