Re: comments on handbook chapter
"Travis H." <solinym@gmail.com> writes:
> ``You do not want to overbuild your security or you will interfere
> with the detection side, and detection is one of the single most
> important aspects of any security mechanism. For example, it makes
> little sense to set the schg flag (see chflags(1)) on every system
> binary because while this may temporarily protect the binaries, it
> prevents an attacker who has broken in from making an easily
> detectable change that may result in your security mechanisms not
> detecting the attacker at all.''
Uh? Since when do we have crap like that in the handbook? It should
be removed with extreme prejudice.
DES
--=20
Dag-Erling Sm=F8rgrav - des@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 3 之 14 篇):