Date: Wed, 3 Feb 1999 19:48:03 +1100 (EDT) From: Darren Reed <avalon@coombs.anu.edu.au> To: dillon@apollo.backplane.com (Matthew Dillon) Cc: jkh@zippy.cdrom.com, jmb@FreeBSD.ORG, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <199902030848.TAA25279@cheops.anu.edu.au> In-Reply-To: <199902030352.TAA42425@apollo.backplane.com> from "Matthew Dillon" at Feb 2, 99 07:52:13 pm
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Matthew Dillon, sie said: > > :OK, time to raise this topic again. What to people think about > :enabling bpfilter by default in GENERIC? > : > :And before everyone screams "That would not be BSD!" let me just > :note that NetBSD and probably OpenBSD (haven't looked) already do > :this. > : > :- Jordan > > Well, not having bpfilter enabled by default doesn't > really enhance security since the kernel module loader > *is* enabled by default. Still, perhaps it would be > a good idea to lockout new open()'s on bpf when the > secure level is > 0. The module loader already disables > itself when securelevel > 0. I think not. *maybe* disallow promiscous mode. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902030848.TAA25279>