Date: Tue, 2 Feb 1999 23:35:47 -0500 (EST)
From: Robert Watson
To: "Jordan K. Hubbard"
cc: "Jonathan M. Bresler", woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
Subject: Re: tcpdump
In-Reply-To: <9575.918011566@zippy.cdrom.com>

On Tue, 2 Feb 1999, Jordan K. Hubbard wrote:

> OK, time to raise this topic again. What do people think about
> enabling bpfilter by default in GENERIC?
>
> And before everyone screams "That would not be BSD!" let me just
> note that NetBSD and probably OpenBSD (haven't looked) already do
> this.

I'd love to see this. This would enable applications like DHCP out of the
box, which is probably desirable from a notebook perspective. As Matt
points out, the security limitations are not very clear: the securelevel
code generally requires a lot of modifications to the base system, so my
temptation is to ignore the issue, but create a securelevel man page that
discusses "things to do in making a securelevel-friendly system", and add
to it: disable bpf.
Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/