From owner-freebsd-security@FreeBSD.ORG  Thu Sep  7 13:02:07 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2CEB416A4E0
	for <freebsd-security@freebsd.org>;
	Thu,  7 Sep 2006 13:02:07 +0000 (UTC)
	(envelope-from cbuisson@nerim.net)
Received: from kraid.nerim.net (smtp-104-thursday.nerim.net [62.4.16.104])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BD84943D5E
	for <freebsd-security@freebsd.org>;
	Thu,  7 Sep 2006 13:02:05 +0000 (GMT)
	(envelope-from cbuisson@nerim.net)
Received: from localhost (cbuisson.pck.nerim.net [80.65.227.128])
	by kraid.nerim.net (Postfix) with ESMTP id 9104140F5B;
	Thu,  7 Sep 2006 15:02:03 +0200 (CEST)
Message-ID: <4500184B.8010206@nerim.net>
Date: Thu, 07 Sep 2006 15:02:03 +0200
From: Claude Buisson <cbuisson@nerim.net>
User-Agent: Thunderbird 1.5.0.5 (X11/20060729)
MIME-Version: 1.0
To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>
References: <d4f1333a0609061905y709843ecm454509067925a7ca@mail.gmail.com>
	<86ejun53cu.fsf@dwp.des.no>
In-Reply-To: <86ejun53cu.fsf@dwp.des.no>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-security@freebsd.org, "Travis H." <solinym@gmail.com>
Subject: Re: comments on handbook chapter
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2006 13:02:07 -0000

Dag-Erling Sm=F8rgrav wrote:
> "Travis H." <solinym@gmail.com> writes:
>> ``You do not want to overbuild your security or you will interfere
>> with the detection side, and detection is one of the single most
>> important aspects of any security mechanism. For example, it makes
>> little sense to set the schg flag (see chflags(1)) on every system
>> binary because while this may temporarily protect the binaries, it
>> prevents an attacker who has broken in from making an easily
>> detectable change that may result in your security mechanisms not
>> detecting the attacker at all.''
>=20
> Uh?  Since when do we have crap like that in the handbook?  It should
> be removed with extreme prejudice.
>=20
> DES


$FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v=20
1.28 2000/03/25 00:19:02 jim Exp $

Claude Buisson