From owner-freebsd-hackers Fri Jul 30 16:39:44 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 4ABA2151A6; Fri, 30 Jul 1999 16:39:37 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id RAA77719; Fri, 30 Jul 1999 17:38:48 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id RAA85055; Fri, 30 Jul 1999 17:40:42 -0600 (MDT) Message-Id: <199907302340.RAA85055@harmony.village.org> To: "Jordan K. Hubbard" Subject: Re: So, back on the topic of enabling bpf in GENERIC... Cc: "Brian F. Feldman" , hackers@FreeBSD.ORG In-reply-to: Your message of "Fri, 30 Jul 1999 13:06:13 PDT." <8605.933365173@zippy.cdrom.com> References: <8605.933365173@zippy.cdrom.com> Date: Fri, 30 Jul 1999 17:40:41 -0600 From: Warner Losh Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <8605.933365173@zippy.cdrom.com> "Jordan K. Hubbard" writes: : It already is. That's not the question under discussion here - we're : talking about how to make things work in the post-installation boot : scenario. I'm in favor of having it in the kernel by default. With one proviso. Any place where we talk about locking down a FreeBSD machine, we'd need to make it explicit that bpf should be turned off when you wish to make it hard for intruders to get packets off your wire in a root compromize situation. I wonder if /dev/bpf should be disabled when secure level is > 1 or 2... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message