comments on handbook chapter
Claude Buisson
cbuisson at nerim.net
Thu Sep 7 06:02:07 PDT 2006
Dag-Erling Smørgrav wrote:
> "Travis H." <solinym at gmail.com> writes:
>> ``You do not want to overbuild your security or you will interfere
>> with the detection side, and detection is one of the single most
>> important aspects of any security mechanism. For example, it makes
>> little sense to set the schg flag (see chflags(1)) on every system
>> binary because while this may temporarily protect the binaries, it
>> prevents an attacker who has broken in from making an easily
>> detectable change that may result in your security mechanisms not
>> detecting the attacker at all.''
>
> Uh? Since when do we have crap like that in the handbook? It should
> be removed with extreme prejudice.
>
> DES
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v
1.28 2000/03/25 00:19:02 jim Exp $
Claude Buisson
More information about the freebsd-security
mailing list