Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 30 May 2001 10:14:14 +0100
From:      Simon Loader <simon@herculeez.com>
Cc:        stable@FreeBSD.ORG
Subject:   Re: adding "noschg" to ssh and friends
Message-ID:  <3B14B9E6.4D5E4CF6@herculeez.com>
References:  <200105292336.f4TNaRT01704@mass.dis.org> <200105292334.f4TNYKg31968@earth.backplane.com>

next in thread | previous in thread | raw e-mail | index | archive | help

>     I have to disagree.  Here, let me give a contrasting example:
> 
>     * you schg a binary
>     * hacker breaks root
>     * hacker is unable to modify binary.  Whoopie.  Hacker decides to rm -rf
>       your data files instead.

So they change sshd start up script, hack peoples paths so they run the
hackers version of stuff. Modify the startup scripts to change security
level ( this is possible isnt it???) and then change the file.

if you schg one file you start having to do everything and then
it becomes unmanageable.

-- 
Simon Loader

(side note on nis last time I was a nis admin (5 yrs ago?)
when root on a one box I could su to another user (say an admin user)
and then change there start up scripts. So I dont 
think NIS is that brilliant)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B14B9E6.4D5E4CF6>