Date: 11 May 2000 22:48:41 -0400 From: stanislav shalunov <shalunov@att.com> To: "Jeffrey J. Mountin" <jeff-ml@mountin.net> Cc: freebsd-security@freebsd.org Subject: Re: envy.vuurwerk.nl daily run output Message-ID: <87snvo8ovq.fsf@sharik.worldnet.att.net> In-Reply-To: "Jeffrey J. Mountin"'s message of "Thu, 11 May 2000 20:10:41 -0500" References: <20000509150609.L42267@vuurwerk.nl> <4.3.2.20000511192741.00c24ac0@207.227.119.2>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jeffrey J. Mountin" <jeff-ml@mountin.net> writes: > You could always force the ownership of .ssh/ and any files under it > to root. But the owner of the home directory can just "mv .ssh ssh-forget-me". If the user already has an authorized_keys file, he'd probably notice. Otherwise, especially if he doesn't ssh out from that machine or it has a good known_hosts file it can go unnoticed. Or did you mean "...and check that ownership didn't change daily"? (They could move the directories around daily, too.) -- stanislav shalunov | Speaking only for myself. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87snvo8ovq.fsf>