Date:      Tue, 29 May 2001 16:38:44 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Robert Withrow <witr@rwwa.com>
Cc:        Seth <seth@psychotic.aberrant.org>, Vivek Khera <khera@kcilink.com>, stable@FreeBSD.ORG
Subject:   Re: adding "noschg" to ssh and friends 
Message-ID:  <200105292338.f4TNciU32058@earth.backplane.com>
References:   <200105292324.TAA73334@ns1.rwwa.com>


:
:
:dillon@earth.backplane.com said:
::- Putting on my security hat... no.  All you are doing is forcing
::- the hacker to use some more obscure and possibly less detectable way
::- to compromise the machine.  So, in fact, you could be making the
::- problem *worse*. 
:
:Maybe your security hat needs cleaning?  The whole game is played by raising
:the cost of hacking.  Using your theory, we should eliminate all passwords.
:*Then* we'd be pretty sure no hacker would trouble himself by using any
:obscure hacking methods.  (Of course, that would be like windows, wouldn't
:it?)

    No, I didn't say that at all.  Using my theory, you don't eliminate all
    passwords, you move them off the machine (e.g. move to NIS or something)
    so if a hacker breaks into your multi-user box with a compromised password,
    he has no way to get the *REST* of the passwords (crypted or not) and
    break them offline.  So moving the passwords off the machine (or removing
    them) accomplishes something real.

    Setting schg on a file does not.  You think this would slow a hacker
    down?  You think it's raising the bar?  It might raise the bar a millimeter
    or so if the hacker is even more stupid than your typical script kiddie.
    Otherwise, no.

    A prudent sysad implements security features that actually have a
    reasonable effect.  Setting schg on a file doesn't.  It might give
    you a false peace of mind, but it will have no positive effect and
    almost certainly have a major negative one.

    At BEST we monitored hackers all the time.  Do you want to know what
    they did when they got frustrated?  'rm -rf /' is what they did...
    fortunately, at BEST, the only times they did that was when they
    couldn't break root so all they did was wipe the user's account.  Once
    a hacker breaks root, all you can do is mitigate the damage... but
    before you can mitigate it, you have to *detect* that your machine 
    has actually been compromised.  The easiest way to detect 98% of
    compromised machines is to locate modified binaries or new suid
    binaries.  Take that away and you've just blown 98% of the effectiveness
    of your security system.

						-Matt
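Matt's closing point is that the practical detection signal on a compromised box is modified binaries and new set-uid binaries. As an added example (not part of this thread or of FreeBSD), here is a minimal baseline-and-compare check in Python; the file names and contents in demo() are constructed, and in real use the baseline would be built from a trusted state and stored off the machine, since a box that has been rooted cannot be trusted to check itself.

```python
import hashlib
import os
import stat
import tempfile

def _sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_manifest(root):
    """Map relative path -> (sha256, permission bits) for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: never follow symlinks
            if stat.S_ISREG(st.st_mode):
                manifest[os.path.relpath(path, root)] = (_sha256(path), stat.S_IMODE(st.st_mode))
    return manifest

def is_setid(mode):
    return bool(mode & (stat.S_ISUID | stat.S_ISGID))

def compare(baseline, current):
    """Return (modified, new_setid): paths whose digest changed, and set-id files
    that are new or were not set-id in the baseline."""
    modified = sorted(p for p in baseline
                      if p in current and current[p][0] != baseline[p][0])
    new_setid = sorted(p for p, (_digest, mode) in current.items()
                       if is_setid(mode) and (p not in baseline or not is_setid(baseline[p][1])))
    return modified, new_setid

def demo():
    """Constructed scenario in a temp dir: a replaced 'ls' and a dropped set-uid file."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data, mode=0o755):
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)
        put("ls", b"original ls binary")
        put("su", b"legitimate su", 0o4755)       # set-uid already in the baseline: not reported
        baseline = build_manifest(root)
        put("ls", b"replaced ls binary")          # content changed, mode unchanged
        put(".hidden", b"dropped shell", 0o4755)  # new set-uid file
        return compare(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())  # (['ls'], ['.hidden'])
```

The content check catches the replaced binary even though its mode is unchanged, and the mode check catches the new set-uid file even though it was never in the baseline.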