From owner-freebsd-security  Wed Feb  3 04:03:12 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id EAA19006
          for freebsd-security-outgoing; Wed, 3 Feb 1999 04:03:12 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA18998
          for <security@FreeBSD.ORG>; Wed, 3 Feb 1999 04:03:07 -0800 (PST)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id NAA16718;
	Wed, 3 Feb 1999 13:03:03 +0100 (CET)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id NAA18873;
	Wed, 3 Feb 1999 13:03:01 +0100 (MET)
Date: Wed, 3 Feb 1999 13:03:01 +0100
From: Eivind Eklund <eivind@FreeBSD.ORG>
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, security@FreeBSD.ORG
Subject: Re: tcpdump
Message-ID: <19990203130301.J8749@bitbox.follo.net>
References: <Pine.BSF.3.96.990202233308.21838C-100000@fledge.watson.org> <10028.918017059@zippy.cdrom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <10028.918017059@zippy.cdrom.com>; from Jordan K. Hubbard on Tue, Feb 02, 1999 at 08:44:19PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Feb 02, 1999 at 08:44:19PM -0800, Jordan K. Hubbard wrote:
> Well, Garrett is quite against it but I will note that it's the DHCP
> people complaining to me that they were getting FreeBSD tech support
> calls where they didn't get any for NetBSD that got me thinking about
> it again.  Since the guy doing DHCP support is also Ted Lemon, he
> probably just tells them to load NetBSD and stop dinking with a toy
> operating system. :-)
> 
> Actually, I'm sure that Ted doesn't say this, but it'd still be a
> shame if we ended up losing this functionality issue on security
> arguments when and if it later became clear that no real security was
> being imparted (the old "leave the window open and the door locked"
> fallacy).

There is one way around this that give us most of the advantages at
reasonably low security cost.  Add a securelevel-like knob for bpf,
and default to turning it off somewhat into rc - after running
rc.conf.

This forces crackers to reboot the machine to get at bpf, which
at least is much more likely to be noticed.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message