Date: Sat, 31 Jul 1999 20:47:41 -0600 From: Wes Peters <wes@softweyr.com> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: hackers@FreeBSD.ORG Subject: Re: So, back on the topic of enabling bpf in GENERIC... Message-ID: <37A3B54D.3DCB638C@softweyr.com> References: <8442.933363979@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jordan K. Hubbard" wrote:
>
> We got off onto a big tangent about switches and vlans and stuff and I
> learned a number of interesting things, don't get me wrong, but we
> still haven't established any consensus on the trade-offs of enabling
> bpf. This wasn't meant to be a hypothetical discussion, I'm truly
> trying to measure the trade-off between enabling bpf and (by some
> fraction) opening things up to easier attack by sniffers in a
> root-compromise situation vs not having DHCP work properly at all
> after installation.
>
> This is a clear security vs functionality issue and I need to get a
> good feel for which "cause" is ascendent here in knowing which way to
> jump on the matter. Can we now hear the closing arguments from the
> pro and con folks?
Pro: it's not a vulnerability unless somebody has already cracked root.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://softweyr.com/ wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37A3B54D.3DCB638C>