From owner-freebsd-security Wed Sep 15 19: 1:33 1999 Delivered-To: freebsd-security@freebsd.org Received: from vasquez.zip.com.au (vasquez.zip.com.au [203.12.97.41]) by hub.freebsd.org (Postfix) with ESMTP id 102C1153B3 for ; Wed, 15 Sep 1999 19:01:28 -0700 (PDT) (envelope-from ncb@zip.com.au) Received: from zipperii.zip.com.au (ncb@zipperii.zip.com.au [203.12.97.87]) by vasquez.zip.com.au (8.9.2/8.9.1) with ESMTP id LAA04070; Thu, 16 Sep 1999 11:47:37 +1000 (EST) Date: Thu, 16 Sep 1999 12:02:39 +1000 (EST) From: Nicholas Brawn To: Brett Glass Cc: "Harry M. Leitzell" , security@FreeBSD.ORG Subject: Re: BPF on in 3.3-RC GENERIC kernel In-Reply-To: <4.2.0.58.19990915170025.048d0b00@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 15 Sep 1999, Brett Glass wrote: > Maybe it's a religious issue, or maybe some utility depends on it. > But it might not be a good idea to let it be on from the get-go. > If the machine is rooted, you've got an instant packet sniffer. > I plan to turn it off on EVERY install, and I sure wish it > were that way to start. > > --Brett > Yes, and let's include two kernels in the distribution. One for those who want BPF, and one for those who don't. Come on people, this issue is long past dead and buried. It is a simple matter to [dis|enable] BPF in the kernel. Rather than arguing about the default nature of such installs, why not promote user education about such security issues. Nick -- Email: ncb@zip.com.au (or) nicholas.brawn@hushmail.com Key fingerprint = 71C5 2EA8 903B 0BC4 8EEE 9122 7349 EADC 49C1 424E To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message