From owner-freebsd-security Wed Feb 3 00:48:32 1999
From: Darren Reed
Message-Id: <199902030848.TAA25279@cheops.anu.edu.au>
Subject: Re: tcpdump
To: dillon@apollo.backplane.com (Matthew Dillon)
Date: Wed, 3 Feb 1999 19:48:03 +1100 (EDT)
Cc: jkh@zippy.cdrom.com, jmb@FreeBSD.ORG, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
In-Reply-To: <199902030352.TAA42425@apollo.backplane.com> from "Matthew Dillon" at Feb 2, 99 07:52:13 pm
Sender: owner-freebsd-security@FreeBSD.ORG

In some mail from Matthew Dillon, sie said:
>
> :OK, time to raise this topic again. What do people think about
> :enabling bpfilter by default in GENERIC?
> :
> :And before everyone screams "That would not be BSD!" let me just
> :note that NetBSD and probably OpenBSD (haven't looked) already do
> :this.
> :
> :- Jordan
>
> Well, not having bpfilter enabled by default doesn't
> really enhance security since the kernel module loader
> *is* enabled by default. Still, perhaps it would be
> a good idea to lockout new open()'s on bpf when the
> secure level is > 0. The module loader already disables
> itself when securelevel > 0.

I think not. *maybe* disallow promiscuous mode.