Date: Tue, 9 Jul 2002 22:27:26 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Jim Freeze <jim@freeze.org> Cc: questions@FreeBSD.ORG Subject: Re: bpf psuedo device Message-ID: <20020710032726.GC8625@dan.emsphone.com> In-Reply-To: <20020709225848.A15823@freeze.org> References: <20020709225848.A15823@freeze.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Jul 09), Jim Freeze said: > Unless I am mistaken, I just noticed that the GENERIC kernel > with 4.6 has the bpf psuedo device active by default. > Given the potential security problems, why is this not > commented out? Has the base install sufficiently protected > this from being a security risk? Or, is it a dependency for > something in the base install? > Since I am not running a DHCP server, I am comtemplating > rebuilding my kernel with it off. Does that sound like > a good thing to do? You just noticed this? :) bpf was enabled in GENERIC starting with FreeBSD 3.3, back in August 1999. revision 1.179 date: 1999/08/07 01:42:08; author: jkh; state: Exp; lines: +3 -3 Enable bpf by default. There was no significant dissention to my proposal of 2 weeks ago that this be done, and anyone who wishes to make bpf more selective according to securelevel or compile-time options is more than free to do so. See http://www.FreeBSD.org/cgi/mid.cgi?id=8442.933363979@zippy.cdrom.com and the many many replies for the details. -- Dan Nelson dnelson@allantgroup.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020710032726.GC8625>