Date: Fri, 30 Jul 1999 17:40:41 -0600 From: Warner Losh <imp@village.org> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: "Brian F. Feldman" <green@FreeBSD.ORG>, hackers@FreeBSD.ORG Subject: Re: So, back on the topic of enabling bpf in GENERIC... Message-ID: <199907302340.RAA85055@harmony.village.org> In-Reply-To: Your message of "Fri, 30 Jul 1999 13:06:13 PDT." <8605.933365173@zippy.cdrom.com> References: <8605.933365173@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <8605.933365173@zippy.cdrom.com> "Jordan K. Hubbard" writes: : It already is. That's not the question under discussion here - we're : talking about how to make things work in the post-installation boot : scenario. I'm in favor of having it in the kernel by default. With one proviso. Any place where we talk about locking down a FreeBSD machine, we'd need to make it explicit that bpf should be turned off when you wish to make it hard for intruders to get packets off your wire in a root compromize situation. I wonder if /dev/bpf should be disabled when secure level is > 1 or 2... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907302340.RAA85055>