From: Eugene Grosbein
To: freebsd-net@freebsd.org
Cc: Chris Hutchinson
Subject: Re: [Bug 166255] [net] [patch] It should be possible to disable "promiscuous mode enabled" messages
Date: Thu, 26 May 2016 23:06:32 +0700

Moving this to net@ per request.

> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=166255
>
> --- Comment #26 from Chris Hutchinson ---
> (In reply to eugen from comment #25)
>> Default system behaviour is not changed. Reboot is required to disable
>> logging after a change to loader.conf. So, no patching should be required to
>> stay safe.
>
> I understand that. I also agree with you that syslog(3) is not an
> ideal option, either. But as it stands, this new "switch" is still
> a security risk -- it opens a potential "backdoor", however unlikely
> some feel it might be. I'm just not sure that the need outweighs
> the risk. Is there /really/ no other possible solution? Must a
> decision on this be made right now? Or could more time be given,
> in hopes a better solution might be found?
>
> Lastly, I know status of this bug is essentially "closed",
> and I apologize for responding so late. I would have responded
> earlier. But I was sure a patch in this direction would have
> been rejected.

The PR and patch make it possible to not log "promisc. mode changed" messages.
In short, you insist that it should NOT be possible to disable those logs in any way, right?

Eugene Grosbein