From owner-freebsd-security  Thu Sep 16 16:15: 6 1999
Delivered-To: freebsd-security@freebsd.org
Received: from kinetic.tiora.net (kinetic.tiora.net [206.251.130.15])
	by hub.freebsd.org (Postfix) with ESMTP id D2F1014FBC
	for <security@FreeBSD.ORG>; Thu, 16 Sep 1999 16:15:02 -0700 (PDT)
	(envelope-from liam@kinetic.tiora.net)
Received: from localhost (liam@localhost)
	by kinetic.tiora.net (8.9.3/8.9.3) with ESMTP id QAA12901;
	Thu, 16 Sep 1999 16:14:52 -0700 (PDT)
Date: Thu, 16 Sep 1999 16:14:52 -0700 (PDT)
From: Liam Slusser <liam@tiora.net>
To: Kenny Drobnack <kdrobnac@mission.mvnc.edu>
Cc: Brett Glass <brett@lariat.org>,
	"Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu>, security@FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel
In-Reply-To: <Pine.GSO.3.96.990916150427.5757E-100000@mission.mvnc.edu>
Message-ID: <Pine.GSO.4.05.9909161559330.6933-100000@kinetic.tiora.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Right...but if the system was hacked what would stop the hacker from
building BPF in a kernel?  It does not matter if you have it in the kernel
or not..if a hacker wants it..it does not take alot of work to add it.

And anyways...if you don't like it..you could always *build* your own
kernel without BPF.

;)

liam

System Administrator Tiora Networks | www.tiora.net <---- tiora's webpage
www.tiora.net/~liam <----- homepage | liam@tiora.net <-- my email address
Lowered turbo powered Honda Civic's are really cool. <---------- my quote

On Thu, 16 Sep 1999, Kenny Drobnack wrote:

> How about this idea: from what I've seen and heard, the only things that
> depend on BPF are tcpdump and dhcp.  The average user does not need
> tcpdump.  So, if a user enables dhcp, BPF gets turned on, otherwise, it
> will stay off.  Of course, the only way I could think of to do this would
> be to make BPF a loadable module.  The problem with that is, someone
> running as root could just load up the module anyway...
> 
> 
> > Maybe it's a religious issue, or maybe some utility depends on it.
> > But it might not be a good idea to let it be on from the get-go.
> > If the machine is rooted, you've got an instant packet sniffer.
> > I plan to turn it off on EVERY install, and I sure wish it
> > were that way to start.
> 
> -----
>  We are now the Knights who say... 
>  "Ekki-Ekki-Ekki-Ekki-PTANG! Zoom-Boing! Z'nourrwringmm!"
>       -the Knights who formerly said "ni" "Monty Python and the Holy Grail"
> ----
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message