From owner-freebsd-security Wed Jun 16 12:18:13 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 43B23154F4 for ; Wed, 16 Jun 1999 12:18:09 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id NAA51647; Wed, 16 Jun 1999 13:18:03 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id NAA01012; Wed, 16 Jun 1999 13:18:03 -0600 (MDT) Message-Id: <199906161918.NAA01012@harmony.village.org> To: Barrett Richardson Subject: Re: some nice advice.... Cc: Unknow User , security@FreeBSD.ORG In-reply-to: Your message of "Wed, 16 Jun 1999 05:41:23 EDT." References: Date: Wed, 16 Jun 1999 13:18:03 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message Barrett Richardson writes: : [bpf] can be some risk. If a machine with bpf enabled gets compromised : the attacker can use it as a network sniffer. That's the biggest reason that I do not enable it on most of my machines if I can at all help it. However, one could argue that if a machine gets compromized, then an attacker could, on the next reboot, cause arbitrary code to run via the rc mechanism.... This 'hold' is hard to plug, but is plugable if you are running with an elevated secure level... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message