From owner-freebsd-questions Tue Jul 9 20:27:32 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A39B837B400 for ; Tue, 9 Jul 2002 20:27:29 -0700 (PDT) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id F028043E31 for ; Tue, 9 Jul 2002 20:27:28 -0700 (PDT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.12.5/8.12.5) id g6A3RQSQ015952; Tue, 9 Jul 2002 22:27:26 -0500 (CDT) (envelope-from dan) Date: Tue, 9 Jul 2002 22:27:26 -0500 From: Dan Nelson To: Jim Freeze Cc: questions@FreeBSD.ORG Subject: Re: bpf psuedo device Message-ID: <20020710032726.GC8625@dan.emsphone.com> References: <20020709225848.A15823@freeze.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020709225848.A15823@freeze.org> X-OS: FreeBSD 5.0-CURRENT X-message-flag: Outlook Error User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In the last episode (Jul 09), Jim Freeze said: > Unless I am mistaken, I just noticed that the GENERIC kernel > with 4.6 has the bpf psuedo device active by default. > Given the potential security problems, why is this not > commented out? Has the base install sufficiently protected > this from being a security risk? Or, is it a dependency for > something in the base install? > Since I am not running a DHCP server, I am comtemplating > rebuilding my kernel with it off. Does that sound like > a good thing to do? You just noticed this? :) bpf was enabled in GENERIC starting with FreeBSD 3.3, back in August 1999. revision 1.179 date: 1999/08/07 01:42:08; author: jkh; state: Exp; lines: +3 -3 Enable bpf by default. There was no significant dissention to my proposal of 2 weeks ago that this be done, and anyone who wishes to make bpf more selective according to securelevel or compile-time options is more than free to do so. See http://www.FreeBSD.org/cgi/mid.cgi?id=8442.933363979@zippy.cdrom.com and the many many replies for the details. -- Dan Nelson dnelson@allantgroup.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message