Date: Thu, 07 Sep 2006 13:21:37 +0200 From: des@des.no (Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?=) To: "Travis H." <solinym@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: comments on handbook chapter Message-ID: <86ejun53cu.fsf@dwp.des.no> In-Reply-To: <d4f1333a0609061905y709843ecm454509067925a7ca@mail.gmail.com> (Travis H.'s message of "Wed, 6 Sep 2006 21:05:19 -0500") References: <d4f1333a0609061905y709843ecm454509067925a7ca@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Travis H." <solinym@gmail.com> writes: > ``You do not want to overbuild your security or you will interfere > with the detection side, and detection is one of the single most > important aspects of any security mechanism. For example, it makes > little sense to set the schg flag (see chflags(1)) on every system > binary because while this may temporarily protect the binaries, it > prevents an attacker who has broken in from making an easily > detectable change that may result in your security mechanisms not > detecting the attacker at all.'' Uh? Since when do we have crap like that in the handbook? It should be removed with extreme prejudice. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ejun53cu.fsf>