From owner-freebsd-hackers  Sat Jul 31 16:31:58 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3090B14E25; Sat, 31 Jul 1999 16:31:51 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id RAA82038;
	Sat, 31 Jul 1999 17:31:50 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id RAA94671; Sat, 31 Jul 1999 17:33:55 -0600 (MDT)
Message-Id: <199907312333.RAA94671@harmony.village.org>
To: Christopher Masto <chris@netmonger.net>
Subject: Re: So, back on the topic of enabling bpf in GENERIC... 
Cc: "Brian F. Feldman" <green@FreeBSD.ORG>,
	"Jordan K. Hubbard" <jkh@zippy.cdrom.com>, hackers@FreeBSD.ORG
In-reply-to: Your message of "Sat, 31 Jul 1999 15:44:58 EDT."
		<19990731154458.A2068@netmonger.net> 
References: <19990731154458.A2068@netmonger.net>  <Pine.BSF.4.10.9907301619280.6951-100000@janus.syracuse.net> <199907302342.RAA85088@harmony.village.org> 
Date: Sat, 31 Jul 1999 17:33:55 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <19990731154458.A2068@netmonger.net> Christopher Masto writes:
: I hope you mean "> 1".  I often diagnose problems using tcpdump etc.,
: and I don't think bpf should be broken just because someone wants the
: minor "flags can't be turned off" feature of level 1.

Flags can't be turned off at level 1, and raw devices cannot be
accessed:
     1     Secure mode - the system immutable and system append-only flags may
           not be turned off; disks for mounted filesystems, /dev/mem, and
           /dev/kmem may not be opened for writing.

Notice that raw devices cannot be opened...

: It seems to be that disabling bpf is more appropriate for security
: level 2 and up, if such a thing is desirable.  I'm not sure it is.

     2     Highly secure mode - same as secure mode, plus disks may not be
           opened for writing (except by mount(2))  whether mounted or not.
           This level precludes tampering with filesystems by unmounting them,
           but also inhibits running newfs(8) while the system is multi-user.
and

     3     Network secure mode - same as highly secure mode, plus IP packet
           filter rules (see ipfw(8) and ipfirewall(4))  cannot be changed and
           dummynet(4) configuration cannot be adjusted.

I could see arguments for both levels....

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message