28th August 2009
jggimi
More noise than signal
Join Date: May 2008
Location: USA
Posts: 6,292

Originally Posted by revzalot
...for security...
I agree with the majority of users (and developers) that not having comp*.tgz available does more harm than good -- in that admins who don't have maintenance tools available don't maintain properly. And an out-of-date system has more risks than an up-to-date one, if everything else is equal.

If, like some, you believe it "enhances" system security to not have your tool sets on board, that's fine ... as long as you have the tools on a second machine of the same architecture, so that you can build a release(8) for your production platform whenever needed.

As for file flags ... yes, they can be very helpful. I use "uchg" or "uappnd" for things I don't want damaged in $HOME or other common working directories, that might be susceptible to a finger fumble.

But I think that on a system which is already limited -- we typically don't invite random people to have shell accounts on our most carefully controlled systems, and if we're careful, we only allow strong authentication (such as public key) methods for log on to those few shell accounts present -- that the system flags and securelevel 2 cause more trouble for an admin than their value. Do you really want to shut down critical services in order to jump into single-user mode for otherwise non-disruptive maintenance tasks? See white's Add HD thread for an example of a slap-on-the-forehead caused by an admin attempting to "harden" a platform.

Why do I say they're more trouble than value?

See this misc@ thread regarding file flags and securelevel:

See this OpenBSD Journal article regarding file flags and securelevel, including the links it references:

Last edited by jggimi; 28th August 2009 at 07:14 PM. Reason: typos, clarification