So there is where that handbook paragraph came from. Kill it here too.

Remove a paragraph about over building security, it's a bit off. Discussed with: des, FreeBSD-security
svn path=/head/; revision=162139
2006-09-08 04:56:21 +00:00 · 2006-09-08 04:56:21 +00:00 · 8d3cfc6184 · 2020-12-20 02:59:44 +00:00
commit 8d3cfc6184
parent baa1277289
1 changed files with 1 additions and 14 deletions
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@ -23,7 +23,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 29, 2004
+.Dd September 8, 2006
 .Dt SECURITY 7
 .Os
 .Sh NAME
@ -54,19 +54,6 @@ Security is best implemented through a layered onion approach.
 In a nutshell,
 what you want to do is to create as many layers of security as are convenient
 and then carefully monitor the system for intrusions.
-You do not want to
-overbuild your security or you will interfere with the detection side, and
-detection is one of the single most important aspects of any security
-mechanism.
-For example, it makes little sense to set the
-.Cm schg
-flags
-(see
-.Xr chflags 1 )
-on every system binary because while this may temporarily protect the
-binaries, it prevents an attacker who has broken in from making an
-easily detectable change that may result in your security mechanisms not
-detecting the attacker at all.
 .Pp
 System security also pertains to dealing with various forms of attacks,
 including attacks that attempt to crash or otherwise make a system unusable