On 07/09/06, Tom Rhodes <[EMAIL PROTECTED]> wrote:
On Thu, 07 Sep 2006 13:21:37 +0200
[EMAIL PROTECTED] (Dag-Erling Smørgrav) wrote:
> "Travis H." <[EMAIL PROTECTED]> writes:
> > ``You do not want to overbuild your security or you will interfere
> > with the detection side, and detection is one of the single most
> > important aspects of any security mechanism. For example, it makes
> > little sense to set the schg flag (see chflags(1)) on every system
> > binary because while this may temporarily protect the binaries, it
> > prevents an attacker who has broken in from making an easily
> > detectable change that may result in your security mechanisms not
> > detecting the attacker at all.''
>
> Uh? Since when do we have crap like that in the handbook? It should
> be removed with extreme prejudice.
>
Grepping three of these lines, I cannot find it. Tell me Travis,
what URL did you read this from?
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-intro.html
--
Tom Rhodes
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
