Date: Fri, 05 Feb 1999 02:54:01 +0100
From: Rico Pajarola <pajarola@cybertime.ch>
To: security@FreeBSD.ORG
Subject: Re: tcpdump
Message-ID: <3.0.32.19990205024540.00874db0@shrike.overmind.ch>

I vote for bpf in GENERIC.

Maybe it is true that most people who need bpf for tcpdumping on a regular basis are of the type who compile their own kernel anyway, and that it can compromise security (I don't really believe that), but there are some increasingly important 'legal' reasons to use it for joe averageuser: if he ever has strange networking problems, he'll almost certainly be asked for tcpdump, and most people who set up FreeBSD in a windoze environment will need dhcp (and tell me how many networks are not m$ contaminated).

All commercial U*** I know have bpf (or something similar) enabled by default (AIX and Solaris for sure, I am not sure for SCO, HP and Digital).

I'd also be for not allowing open() of bpf* in securelevel >0. I think this is consistent with other restrictions in high securelevels, and if anything screws up, you'll most certainly have to reboot anyway.

And if you don't like it, just compile your own kernel without bpf (the same as we who like/need it have to recompile now).

Rico Pajarola