From owner-freebsd-security Thu Feb 4 17:54:17 1999
Message-Id: <3.0.32.19990205024540.00874db0@shrike.overmind.ch>
Date: Fri, 05 Feb 1999 02:54:01 +0100
To: security@FreeBSD.ORG
From: Rico Pajarola
Subject: Re: tcpdump

I vote for bpf in GENERIC.

Maybe it is true that most people who need bpf for tcpdumping on a regular basis are of the type who compile their own kernel anyway, and that it can compromise security (I don't really believe that), but there are some increasingly important 'legal' reasons to use it for joe averageuser: if he ever has strange networking problems, he'll almost certainly be asked for tcpdump, and most people who set up FreeBSD in a windoze environment will need dhcp (and tell me how many networks are not m$ contaminated).

All commercial U*** I know have bpf (or something similar) enabled by default (AIX and Solaris for sure, I am not sure for SCO, HP and Digital).

I'd also be for not allowing open() of bpf* in securelevel >0. I think this is consistent with other restrictions in high securelevels, and if anything screws up, you'll most certainly have to reboot anyway.

And if you don't like it, just compile your own kernel without bpf (the same as we who like/need it have to recompile now).

Rico Pajarola