Date: Thu, 07 Sep 2006 15:02:03 +0200 From: Claude Buisson <cbuisson@nerim.net> To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org, "Travis H." <solinym@gmail.com> Subject: Re: comments on handbook chapter Message-ID: <4500184B.8010206@nerim.net> In-Reply-To: <86ejun53cu.fsf@dwp.des.no> References: <d4f1333a0609061905y709843ecm454509067925a7ca@mail.gmail.com> <86ejun53cu.fsf@dwp.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Sm=F8rgrav wrote: > "Travis H." <solinym@gmail.com> writes: >> ``You do not want to overbuild your security or you will interfere >> with the detection side, and detection is one of the single most >> important aspects of any security mechanism. For example, it makes >> little sense to set the schg flag (see chflags(1)) on every system >> binary because while this may temporarily protect the binaries, it >> prevents an attacker who has broken in from making an easily >> detectable change that may result in your security mechanisms not >> detecting the attacker at all.'' >=20 > Uh? Since when do we have crap like that in the handbook? It should > be removed with extreme prejudice. >=20 > DES $FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v=20 1.28 2000/03/25 00:19:02 jim Exp $ Claude Buisson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4500184B.8010206>