Date: Mon, 11 Jun 2001 23:27:02 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: <gzjyliu@public.guangzhou.gd.cn> Cc: <hackers@FreeBSD.org> Subject: Re: [PATCH] Limited BPF to the specified program Message-ID: <20010611232418.V3383-100000@achilles.silby.com> In-Reply-To: <200106120248.f5C2mcr00360@fatcow.home>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 12 Jun 2001 gzjyliu@public.guangzhou.gd.cn wrote: > Hi, > > Seems I can't contact the coordinator(eivind@FreeBSD.org) of this > task. So I think maybe I should send the patch to this list. Here is > the patch for limiting bpf access to the specified program. > > For example, if I wanna specify only /sbin/dhclient can use bpf, I > can: The idea sounds neat, especially for computer labs and the like. Unfortunately, I think this implementation is far too difficult to be used effectively. Could you instead cause bpf to only return packets dhclient would use? That would allow bpf to be used by any process, but only be useful to dhclient. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010611232418.V3383-100000>