Date: Wed, 3 Feb 1999 07:58:55 -0500 From: Adam Shostack <adam@homeport.org> To: Robert Watson <robert+freebsd@cyrus.watson.org>, "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <19990203075855.A22692@weathership.homeport.org> In-Reply-To: <Pine.BSF.3.96.990202233308.21838C-100000@fledge.watson.org>; from Robert Watson on Tue, Feb 02, 1999 at 11:35:47PM -0500 References: <9575.918011566@zippy.cdrom.com> <Pine.BSF.3.96.990202233308.21838C-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 02, 1999 at 11:35:47PM -0500, Robert Watson wrote: | securelevel code generally requires a lot of modifications to the base | system, so my temptation is to ignore the issue, but create a securelevel | man page that discusses "things to do in making a securelevel-friendly | system", and add to it: disable bpf. The OpenBSD folks have done all the work needed to run a 'normal' system with securelevel 1. Its not a very agressive implementation at the level of what the attributes are set to, but its a baseline that FreeBSD could work from. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990203075855.A22692>