From owner-freebsd-questions Fri Sep 4 09:14:31 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA13363 for freebsd-questions-outgoing; Fri, 4 Sep 1998 09:14:31 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from mailhub.scl.ameslab.gov (mailhub.scl.ameslab.gov [147.155.137.127]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA13358 for ; Fri, 4 Sep 1998 09:14:29 -0700 (PDT) (envelope-from ghelmer@scl.ameslab.gov)
Received: from demios.ether.scl.ameslab.gov ([147.155.137.54] helo=demios.scl.ameslab.gov) by mailhub.scl.ameslab.gov with smtp (Exim 1.90 #1) id 0zEyU7-00006O-00; Fri, 4 Sep 1998 11:13:15 -0500
Date: Fri, 4 Sep 1998 11:13:13 -0500 (CDT)
From: Guy Helmer
Reply-To: Guy Helmer
To: Raymond Hunter
cc: "'Adam Maloney'" , freebsd-questions@FreeBSD.ORG
Subject: RE: bpfilter
In-Reply-To: <000a01bdd819$a7aa9bc0$be85f0d4@vanilla.acc-uk.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 4 Sep 1998, Raymond Hunter wrote:

> >Hello,
> >
> >I have a FreeBSD machine set up as a secondary DNS and sendmail fallback for
> >my network. I'd also like to use the machine as a network monitor. I
> >downloaded a package (trafshow-2.0) which requires the Berkeley packet filter
> >to be enabled.
> >
> >In the FreeBSD handbook, there's a paragraph that talks about the bpfilter
> >and how it can be a security risk to your network. What are the security
> >risks of running bpfilter, and how should I set it up?
>
> The security risks relate to people who have root access on your box. People
> with such access can use sniffer programs to listen for plain text passwords
> etc. POP3 would thus be affected. If you and other admins are the only
> people with root, there is no security risk.
Unfortunately, there may be ways for normal users to gain root privileges via
exploits against setuid programs or privileged daemons (although I don't know
of any exploits to which 3.0-current or 2.2-stable systems are vulnerable).
If you are concerned about this possibility, and if untrustworthy users are
allowed on a system that has the bpfilter in the kernel, remove the setuid
bits on any programs that aren't used and turn off any unused daemons that
aren't needed. Be sure any remaining daemons in use don't have known security
issues (such as an older version of qpopper). See Robert Watson's suidcontrol
program (http://www.watson.org/fbsd-hardening/suidcontrol.html) if you want
help with reviewing the setuid programs on your system.

Guy Helmer

Guy Helmer, Graduate Student, Iowa State University Dept. of Computer Science
Research Assistant, Ames Laboratory --- ghelmer@scl.ameslab.gov
Research Assistant, Dept. of Computer Science --- ghelmer@cs.iastate.edu
http://www.cs.iastate.edu/~ghelmer

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
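The reply above recommends stripping the setuid bit from programs that are not needed and checking who can reach the bpf device nodes. The following POSIX sh functions are an added example written for this thread; they are not Guy Helmer's code, not part of suidcontrol, and not from the trafshow package. They take a root directory as a parameter so an admin can audit a whole filesystem or, as in the self-check at the bottom, a constructed directory tree; the function names, the sample files and the use of find -perm are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original thread). Audit helpers for the
# hardening steps the reply describes: enumerate setuid/setgid binaries
# under a root directory, clear the bits on chosen files, and show the
# ownership and mode of the bpf device nodes. Function names are this
# example's own; nothing here comes from suidcontrol or trafshow.

# list_setuid ROOT: print every regular file below ROOT that carries the
# setuid (4000) or setgid (2000) bit, one path per line, sorted. -xdev
# keeps the walk on one filesystem so /proc-style mounts are not scanned.
list_setuid() {
    root=${1:-/}
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# has_setuid FILE: succeed if FILE has either the setuid or setgid bit.
has_setuid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# strip_setuid FILE...: clear setuid and setgid on each file. The program
# keeps its other mode bits, so it still runs, just without elevation.
strip_setuid() {
    for f in "$@"; do
        chmod u-s,g-s "$f" || return 1
    done
}

# report_bpf: list the bpf device nodes with owner and mode so the admin
# can confirm that only root can open them for sniffing.
report_bpf() {
    ls -l /dev/bpf* 2>/dev/null || echo "no /dev/bpf* nodes present"
}

# Self-check on a constructed tree (sample files, not a real system):
# two binaries with elevated bits, one without.
if [ "${1:-}" = "--selfcheck" ]; then
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/usr/bin"
    : > "$d/bin/a";     chmod 4755 "$d/bin/a"      # setuid
    : > "$d/usr/bin/b"; chmod 2755 "$d/usr/bin/b"  # setgid
    : > "$d/bin/c";     chmod 755  "$d/bin/c"      # plain
    echo "before:"; list_setuid "$d"
    strip_setuid "$d/bin/a" "$d/usr/bin/b"
    echo "after:";  list_setuid "$d"
    rm -rf "$d"
fi
```

Run it as `sh audit.sh --selfcheck` to see the constructed tree before and after stripping, or source the file and call `list_setuid /` and `report_bpf` on a real host; the output of `list_setuid` is the list an admin would compare against the programs actually needed before deciding which to pass to `strip_setuid`.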