From owner-freebsd-security Wed Feb 3 04:47:11 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA26401 for freebsd-security-outgoing; Wed, 3 Feb 1999 04:47:11 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from weathership.homeport.org (weathership.homeport.org [207.31.235.99]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA26394; Wed, 3 Feb 1999 04:47:09 -0800 (PST) (envelope-from adam@weathership.homeport.org) Received: (from adam@localhost) by weathership.homeport.org (8.8.8/8.8.5) id HAA22702; Wed, 3 Feb 1999 07:58:55 -0500 (EST) Message-ID: <19990203075855.A22692@weathership.homeport.org> Date: Wed, 3 Feb 1999 07:58:55 -0500 From: Adam Shostack To: Robert Watson , "Jordan K. Hubbard" Cc: "Jonathan M. Bresler" , woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG Subject: Re: tcpdump References: <9575.918011566@zippy.cdrom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93i In-Reply-To: ; from Robert Watson on Tue, Feb 02, 1999 at 11:35:47PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Feb 02, 1999 at 11:35:47PM -0500, Robert Watson wrote: | securelevel code generally requires a lot of modifications to the base | system, so my temptation is to ignore the issue, but create a securelevel | man page that discusses "things to do in making a securelevel-friendly | system", and add to it: disable bpf. The OpenBSD folks have done all the work needed to run a 'normal' system with securelevel 1. Its not a very agressive implementation at the level of what the attributes are set to, but its a baseline that FreeBSD could work from. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message