Date: Thu, 4 Feb 1999 19:30:03 +1100 (EDT) From: Darren Reed <avalon@coombs.anu.edu.au> To: gryphon@healer.com (Coranth Gryphon) Cc: security@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <199902040830.TAA13906@cheops.anu.edu.au> In-Reply-To: <36B8EB27.689D17BF@healer.com> from "Coranth Gryphon" at Feb 3, 99 04:34:47 pm
index | next in thread | previous in thread | raw e-mail
In some mail from Coranth Gryphon, sie said: [...] > If you want to think about it another way, consider it one step > towards shipping a "Hardening Kit" for FreeBSD. How much more rubbish do we have to read about bpf impacting the security of a system ? If someone can get root then it is "game over" if you are serious about security and haven't taken reasonable precautions (i.e. using tripwire across everything except user files, along with securelevel and file flags for everything but user files). BPF [not] being present will not matter. I think the decision has been made, anyway, to include BPF, which is a good thing. If you want to include multiple kernels for distribution, then include useful variations (i.e. different drivers enabled, etc). If you're _that_ desperate to distribute a `secure' kernel, create a config file and add it to the conf directory. Oh, and don't forget to include digital signatures of all distributed files on CD! That's what's really missing - oh, and a similar mechanism added to the pkg system to (you can get it now with RPM's). Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the messagehelp
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902040830.TAA13906>