Date: Sat, 31 Jul 1999 20:47:41 -0600 From: Wes Peters <wes@softweyr.com> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: hackers@FreeBSD.ORG Subject: Re: So, back on the topic of enabling bpf in GENERIC... Message-ID: <37A3B54D.3DCB638C@softweyr.com> References: <8442.933363979@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jordan K. Hubbard" wrote: > > We got off onto a big tangent about switches and vlans and stuff and I > learned a number of interesting things, don't get me wrong, but we > still haven't established any consensus on the trade-offs of enabling > bpf. This wasn't meant to be a hypothetical discussion, I'm truly > trying to measure the trade-off between enabling bpf and (by some > fraction) opening things up to easier attack by sniffers in a > root-compromise situation vs not having DHCP work properly at all > after installation. > > This is a clear security vs functionality issue and I need to get a > good feel for which "cause" is ascendent here in knowing which way to > jump on the matter. Can we now hear the closing arguments from the > pro and con folks? Pro: it's not a vulnerability unless somebody has already cracked root. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://softweyr.com/ wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37A3B54D.3DCB638C>