Date:      Wed, 3 Feb 1999 13:03:01 +0100
From:      Eivind Eklund <eivind@FreeBSD.ORG>
To:        "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc:        Robert Watson <robert+freebsd@cyrus.watson.org>, security@FreeBSD.ORG
Subject:   Re: tcpdump
Message-ID:  <19990203130301.J8749@bitbox.follo.net>
In-Reply-To: <10028.918017059@zippy.cdrom.com>; from Jordan K. Hubbard on Tue, Feb 02, 1999 at 08:44:19PM -0800
References:  <Pine.BSF.3.96.990202233308.21838C-100000@fledge.watson.org> <10028.918017059@zippy.cdrom.com>

On Tue, Feb 02, 1999 at 08:44:19PM -0800, Jordan K. Hubbard wrote:
> Well, Garrett is quite against it but I will note that it's the DHCP
> people complaining to me that they were getting FreeBSD tech support
> calls where they didn't get any for NetBSD that got me thinking about
> it again.  Since the guy doing DHCP support is also Ted Lemon, he
> probably just tells them to load NetBSD and stop dinking with a toy
> operating system. :-)
> 
> Actually, I'm sure that Ted doesn't say this, but it'd still be a
> shame if we ended up losing this functionality issue on security
> arguments when and if it later became clear that no real security was
> being imparted (the old "leave the window open and the door locked"
> fallacy).

There is one way around this that gives us most of the advantages at
reasonably low security cost.  Add a securelevel-like knob for bpf,
and default to turning it off somewhat into rc - after running
rc.conf.

This forces crackers to reboot the machine to get at bpf, which
at least is much more likely to be noticed.

Eivind.
