From owner-freebsd-stable Mon Sep 6 12: 7: 3 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id B8F9615281; Mon, 6 Sep 1999 12:06:53 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net)
Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id MAA03182; Mon, 6 Sep 1999 12:04:14 -0700 (PDT) (envelope-from freebsd)
From: "Rodney W. Grimes"
Message-Id: <199909061904.MAA03182@gndrsh.dnsmgr.net>
Subject: Re: softupdates in latest build?
In-Reply-To: from Brad Knowles at "Sep 6, 1999 08:20:19 pm"
To: blk@skynet.be (Brad Knowles)
Date: Mon, 6 Sep 1999 12:04:14 -0700 (PDT)
Cc: tom@uniserve.com (Tom), des@flood.ping.uio.no (Dag-Erling Smorgrav), daeron@Wit401305.student.utwente.nl (Pascal Hofstee), freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> At 10:48 AM -0700 1999/9/6, Tom wrote:
>
> > Uhh... this isn't true at all. It is far from trivial to get root.
> > Show me a rootkit that works on 3.2-stable.
>
> I don't need to. We're violating rule #1 of Cheswick & Bellovin
> -- if you don't need something, don't run it. This fact alone should
> be enough to cause this feature to be disabled by default.

Since no one seems to have pointed directly at the reason that rule #1
is being violated I thought it might help kill this thread quickly to
state:

bpf is enabled as it is needed by DHCP to get the correct IP
configuration during an install onto a network that uses DHCP for
configuration. Thus bpf has crossed the line from being ``not needed''
to ``needed'' out of the box.

Therefore this is not a violation of Cheswick & Bellovin's rule #1.

I myself, a person strongly against having anything on a box from day
one that may impose security risks, have adopted to the needed change
and support it. I simply now build my boxes in a disconnected state,
then rip out what is not needed for this deployment before the thing
ever sees anything like a network.

If you need further details please search the email archives for a very
long thread that talked all about this.

About your legal concerns, well.. that's another matter altogether,
but given the ``value'' of FreeBSD Inc it is presently not a very large
target for someone to fire at.

I will state you are correct in your assertion that the disclaimer of
warranties is not a legal protection from these types of lawsuits, which
generally use the broader scoped ``gross negligence'' basis; it is the
best that one can do given the current state of the legal system.

Given my above statement of _why_ bpf is needed I think it would be safe
to assume that FreeBSD has done due diligence in its task of weighing
functionality vs security and would have a good case on this front
against any gross negligence suit with respect to bpf.

In fact it can be demonstrated that FreeBSD has gone the extra mile to
insure that the product it produces is far more secure than almost
anything the commercial boys turn out.

-- 
Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net