From owner-freebsd-security  Wed Sep 15 16:20: 3 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24])
	by hub.freebsd.org (Postfix) with ESMTP id DA31B1514D
	for <security@FreeBSD.ORG>; Wed, 15 Sep 1999 16:19:47 -0700 (PDT)
	(envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost)
	by cheops.anu.edu.au (8.9.1/8.9.1) id JAA12988;
	Thu, 16 Sep 1999 09:21:12 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <199909152321.JAA12988@cheops.anu.edu.au>
Subject: Re: BPF on in 3.3-RC GENERIC kernel
To: brett@lariat.org (Brett Glass)
Date: Thu, 16 Sep 1999 09:21:11 +1000 (EST)
Cc: Harry_M_Leitzell@cmu.edu, security@FreeBSD.ORG
In-Reply-To: <4.2.0.58.19990915170025.048d0b00@localhost> from "Brett Glass" at Sep 15, 99 05:09:23 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Brett Glass, sie said:
> 
> Maybe it's a religious issue, or maybe some utility depends on it.

It's called "tcpdump" and it ships with FreeBSD, by default.

> But it might not be a good idea to let it be on from the get-go.
> If the machine is rooted, you've got an instant packet sniffer.

If the machine is rooted, you're fucked anyway, unless it's so wired
down with things using file flags that you can't even use vi any more.

> I plan to turn it off on EVERY install, and I sure wish it
> were that way to start.

Good for you.  At least those of us who use it don't have to turn
it on for EVERY install now :-)

Darren


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message