Date: Wed, 03 Feb 1999 23:07:34 +0200 From: Sheldon Hearn <axl@iafrica.com> To: Coranth Gryphon <gryphon@healer.com> Cc: security@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <26280.918076054@axl.noc.iafrica.com> In-Reply-To: Your message of "Wed, 03 Feb 1999 11:36:12 PST." <36B8A52C.87FC356@healer.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 03 Feb 1999 11:36:12 PST, Coranth Gryphon wrote: > Perhaps it's worth revisting the GENERIC issue from another direction. > What if FreeBSD shipped with two pre-built kernels, one with > most of the options (LKM, BPF, etc) turned on by default and > the other reasonable locked down (ie SECURE). I think the discussion has moved on from "should we ship a bpf-enabled kernel", which is the issue you seem to be addressing with your suggestion. I think the issue being discussed is really "is a bpf-enabled kernel any less secure than one without bpf?" I think once that's decided, the rest will fall into place. What does worry me a little is the idea of making bpf's operation dependant on the running securelevel. I thought securelevel restricted messing around _inside_ my box. What's that got to do with what my box can do with my wire, I wonder? Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26280.918076054>