From owner-freebsd-net@freebsd.org  Thu May 26 16:07:08 2016
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 97501B4BFB0
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Thu, 26 May 2016 16:07:08 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 163EF1CF6
 for <freebsd-net@freebsd.org>; Thu, 26 May 2016 16:07:07 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221])
 by hz.grosbein.net (8.14.9/8.14.9) with ESMTP id u4QG6fPS062380
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Thu, 26 May 2016 18:06:42 +0200 (CEST)
 (envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: freebsd-net@freebsd.org
Received: from [10.58.0.10] (dadv@dadvw [10.58.0.10])
 by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id u4QG6VXY060495
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
 Thu, 26 May 2016 23:06:32 +0700 (KRAT)
 (envelope-from eugen@grosbein.net)
Subject: Re: [Bug 166255] [net] [patch] It should be possible to disable
 "promiscuous mode enabled" messages
To: freebsd-net@freebsd.org
References: <bug-166255-2472@https.bugs.freebsd.org/bugzilla/>
 <bug-166255-2472-dwiwYgcnBC@https.bugs.freebsd.org/bugzilla/>
Cc: Chris Hutchinson <portmaster@bsdforge.com>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <57471F08.1080908@grosbein.net>
Date: Thu, 26 May 2016 23:06:32 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <bug-166255-2472-dwiwYgcnBC@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00, DATE_IN_FUTURE_96_Q, 
 LOCAL_FROM autolearn=no version=3.3.2
X-Spam-Report: * 0.0 DATE_IN_FUTURE_96_Q Date: is 4 days to 4 months after
 Received: date
 * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1%
 *      [score: 0.0000] *  2.6 LOCAL_FROM From my domains
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on hz.grosbein.net
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2016 16:07:08 -0000

Moving this to net@ per request.

> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=166255
>
> --- Comment #26 from Chris Hutchinson <portmaster@bsdforge.com> ---
> (In reply to eugen from comment #25)
>> Default system behaviour is not changed. Reboot is required to disable
>> logging after a change to loader.conf. So, no patching should be required to
>> stay safe.
>
> I understand that. I also agree with you that syslog(3) is not an
> ideal option, either. But as it stands, this new "switch" is still
> a security risk -- it opens a potential "backdoor", however unlikely
> some feel it might be. I'm just not sure that the need, outweighs
> the risk. Is there /really/ no other possible solution. Must a
> decision on this be made right now? Or could more time be given,
> in hopes a better solution might be found?
>
> Lastly, I know status of this bug is essentially "closed",
> and I apologize for responding so late. I would have responded
> earlier. But I was sure a patch in this direction, would have
> been rejected.

The PR and patch make it possible to not log "promisc. mode changed" messages.
In short, you insist that in should NOT be possible to disable those logs
in any way, right?

Eugene Grosbein