Date:      Tue, 3 Aug 1999 07:02:26 +1000
From:      Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
To:        hackers@FreeBSD.ORG
Subject:   Re: So, back on the topic of enabling bpf in GENERIC...
Message-ID:  <99Aug3.064311est.40321@border.alcanet.com.au>

In message <37A3B701.851DF00B@softweyr.com> Wes Peters writes:
>Do we have a list of all services that use bpf?

In the base system, ipfilter et al (ie ipsend(1)), tcpdump,
rbootd, rarpd and dhcp.  Someone who's got a complete set of ports
might like to comment on what ports need bpf.

Of these, we need to leave rarpd, dhcp and maybe rbootd running,
whilst inhibiting tcpdump and ipfilter (or at least stop them
being used to sniff networks)[*].

As I've already mentioned elsewhere, a fairly easy option would be
to create a `crippled' BPF - which included a hard-wired filter
that only returned broadcast packets and disabled BIOCSETF and
maybe BIOCPROMISC.  The crippled BPF would be part of GENERIC, and
anyone who wanted the full functionality could re-compile without
the `CRIPPLED_BPF' flag.  Another option would be to have the BPF
crippling based on the secure-level (or driven via a specific
`raise-only' sysctl).

Apart from the hard-wired filters, the code to do this is trivial
(though not as trivial as simply blocking bpf_open if
securelevel > 1).

[*] I personally don't believe that the mere presence of bpf is a
    security hole.  By default you need root to activate it (and if
    someone undesirable has root access, you have other problems).
    It's also trivially easy to sniff a network from a Windoze PC.

Peter
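
A user-space model of the crippled-BPF policy proposed in the message above, added here as an illustration; it is not code from the message or from FreeBSD. The request codes, function names, sample frames and the choice to block BIOCPROMISC as well as BIOCSETF are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request codes standing in for the BIOCSETF/BIOCPROMISC ioctls. */
enum bpf_req { REQ_SETF, REQ_PROMISC, REQ_OTHER };

static int bpf_crippled = 0;    /* models the proposed raise-only sysctl */

/* Constructed sample frames: 6-byte dst, 6-byte src, 2-byte ethertype. */
const uint8_t sample_bcast[14]   = {0xff,0xff,0xff,0xff,0xff,0xff,
                                    0x02,0,0,0,0,0x01, 0x80,0x35};
const uint8_t sample_unicast[14] = {0x02,0,0,0,0,0x02,
                                    0x02,0,0,0,0,0x01, 0x08,0x00};

/* Raise-only knob: may go 0 -> 1, never back down. */
int set_bpf_crippled(int v)
{
    if (v < bpf_crippled)
        return EPERM;
    bpf_crippled = v ? 1 : 0;
    return 0;
}

/* ioctl gate: once crippled, refuse filter replacement and promiscuous mode. */
int bpf_ioctl_allowed(enum bpf_req req)
{
    if (bpf_crippled && (req == REQ_SETF || req == REQ_PROMISC))
        return EPERM;
    return 0;
}

/* Hard-wired filter: once crippled, deliver only Ethernet broadcast frames. */
int bpf_deliver(const uint8_t *frame, size_t len)
{
    static const uint8_t bcast[6] = {0xff,0xff,0xff,0xff,0xff,0xff};
    if (!bpf_crippled)
        return 1;       /* full BPF: the user's own filter decides (not modelled) */
    if (len < 14)       /* shorter than an Ethernet header */
        return 0;
    return memcmp(frame, bcast, 6) == 0;
}

int main(void)
{
    set_bpf_crippled(1);
    printf("SETF errno=%d, unicast delivered=%d, broadcast delivered=%d\n",
           bpf_ioctl_allowed(REQ_SETF), bpf_deliver(sample_unicast, 14),
           bpf_deliver(sample_bcast, 14));
    return 0;
}
```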

