Date: Wed, 01 Mar 2000 13:01:24 -0700 From: Warner Losh <imp@village.org> To: Andrey Novikov <scriber@webclub.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: schg flag Message-ID: <200003012001.NAA96951@harmony.village.org> In-Reply-To: Your message of "Tue, 29 Feb 2000 21:40:00 %2B0300." <00022921443000.05868@novikov.web2000.ru> References: <00022921443000.05868@novikov.web2000.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <00022921443000.05868@novikov.web2000.ru> Andrey Novikov writes: : Hello, : : It seems to me that it will be more secure for my : public server to say at least: : : chflags schg /bin/* : chflags schg /sbin/* : chflags schg /usr/bin/* : chflags schg /usr/sbin/* : chflags schg /usr/local/bin/* : chflags schg /usr/local/sbin/* : : to prevent any troyans in my system binaries, am I wrong? It will make the much less likely to happen, but you've forgotten all the /etc/rc* scripts, which can be used to drive a torjan truck through the secure level stuff. : Would it confuse future makeworlds on that system? Don't know. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003012001.NAA96951>