From owner-freebsd-hackers Mon Jun 11 21:27:12 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id DD56D37B407 for ; Mon, 11 Jun 2001 21:27:05 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 3430 invoked by uid 1000); 12 Jun 2001 04:27:02 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 12 Jun 2001 04:27:02 -0000 Date: Mon, 11 Jun 2001 23:27:02 -0500 (CDT) From: Mike Silbersack To: Cc: Subject: Re: [PATCH] Limited BPF to the specified program In-Reply-To: <200106120248.f5C2mcr00360@fatcow.home> Message-ID: <20010611232418.V3383-100000@achilles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 12 Jun 2001 gzjyliu@public.guangzhou.gd.cn wrote: > Hi, > > Seems I can't contact the coordinator(eivind@FreeBSD.org) of this > task. So I think maybe I should send the patch to this list. Here is > the patch for limiting bpf access to the specified program. > > For example, if I wanna specify only /sbin/dhclient can use bpf, I > can: The idea sounds neat, especially for computer labs and the like. Unfortunately, I think this implementation is far too difficult to be used effectively. Could you instead cause bpf to only return packets dhclient would use? That would allow bpf to be used by any process, but only be useful to dhclient. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message