From owner-freebsd-hackers  Sat Jul 31 19:48:30 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from mail.xmission.com (mail.xmission.com [198.60.22.22])
	by hub.freebsd.org (Postfix) with ESMTP id 51F9515290
	for <hackers@freebsd.org>; Sat, 31 Jul 1999 19:48:18 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from [204.68.178.39] (helo=softweyr.com)
	by mail.xmission.com with esmtp (Exim 2.12 #1)
	id 11Alf4-0007Wy-00; Sat, 31 Jul 1999 20:47:42 -0600
Message-ID: <37A3B54D.3DCB638C@softweyr.com>
Date: Sat, 31 Jul 1999 20:47:41 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: So, back on the topic of enabling bpf in GENERIC...
References: <8442.933363979@zippy.cdrom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Jordan K. Hubbard" wrote:
> 
> We got off onto a big tangent about switches and vlans and stuff and I
> learned a number of interesting things, don't get me wrong, but we
> still haven't established any consensus on the trade-offs of enabling
> bpf.  This wasn't meant to be a hypothetical discussion, I'm truly
> trying to measure the trade-off between enabling bpf and (by some
> fraction) opening things up to easier attack by sniffers in a
> root-compromise situation vs not having DHCP work properly at all
> after installation.
> 
> This is a clear security vs functionality issue and I need to get a
> good feel for which "cause" is ascendent here in knowing which way to
> jump on the matter.  Can we now hear the closing arguments from the
> pro and con folks?

Pro: it's not a vulnerability unless somebody has already cracked root.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
http://softweyr.com/                                           wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message