Date: Wed, 3 Feb 1999 15:35:44 +1030 (CDT) From: Mark Newton <newton@camtech.com.au> To: robert+freebsd@cyrus.watson.org Cc: jkh@zippy.cdrom.com, jmb@FreeBSD.ORG, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <199902030505.PAA19809@frenzy.ct> In-Reply-To: <Pine.BSF.3.96.990202233308.21838C-100000@fledge.watson.org> from Robert Watson at "Feb 2, 99 11:35:47 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote: > As Matt points out, the security limitations are not very clear: the > securelevel code generally requires a lot of modifications to the base > system, so my temptation is to ignore the issue, but create a securelevel > man page that discusses "things to do in making a securelevel-friendly > system", and add to it: disable bpf. In case this hasn't already been suggested (and apologies if it has): Make opens on /dev/bpf* fail if securelevel > 0 - mark --- Mark Newton Email: newton@camtech.com.au Systems Engineer and Senior Trainer Phone: +61-8-8303-3300 Camtech (SA), a member of the Fax: +61-8-8303-4403 CAMTECH group of companies WWW: http://www.camtech.com.au To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902030505.PAA19809>