So there is where that handbook paragraph came from. Kill it here too.

Remove a paragraph about over building security, it's a bit off.

Discussed with: des, FreeBSD-security

1 files changed, 1 insertions, 14 deletions

diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index 8a3aee3e967b..68cec46c83ad 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -23,7 +23,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 29, 2004
+.Dd September 8, 2006
 .Dt SECURITY 7
 .Os
 .Sh NAME
@@ -54,19 +54,6 @@ Security is best implemented through a layered onion approach.
 In a nutshell,
 what you want to do is to create as many layers of security as are convenient
 and then carefully monitor the system for intrusions.
-You do not want to
-overbuild your security or you will interfere with the detection side, and
-detection is one of the single most important aspects of any security
-mechanism.
-For example, it makes little sense to set the
-.Cm schg
-flags
-(see
-.Xr chflags 1 )
-on every system binary because while this may temporarily protect the
-binaries, it prevents an attacker who has broken in from making an
-easily detectable change that may result in your security mechanisms not
-detecting the attacker at all.
 .Pp
 System security also pertains to dealing with various forms of attacks,
 including attacks that attempt to crash or otherwise make a system unusable