Date: Thu, 04 Feb 1999 19:01:35 -0700
From: Wes Peters <wes@softweyr.com>
To: "Christopher G. Petrilli" <petrilli@amber.org>
Cc: James Wyatt <jwyatt@RWSystems.net>, security@FreeBSD.ORG
Subject: Re: Enabling bpf device in kernel (was: Re: tcpdump)
Message-ID: <36BA50FF.7E74C979@softweyr.com>
References: <19990204102322.28863@amber.org> <Pine.BSF.4.05.9902041407080.15871-100000@kasie.rwsystems.net> <19990204200236.30021@amber.org>

"Christopher G. Petrilli" wrote:
>
> On Thu, Feb 04, 1999 at 02:16:54PM -0600, James Wyatt wrote:
> > On Thu, Feb 04, 1999 at 05:10:40AM -0600, Richard Wackerbarth wrote:
> > > I think that the world is moving toward dhcp as the primary method of
> > > learning appropriate IP configuration data.
> >
> > On Thu, 4 Feb 1999, Christopher G. Petrilli wrote:
> > > I would agree that this is true for clients, but I don't believe it will
> > > ever be true for servers... and remember, FreeBSD is a server first, and
> > > more often than it is a client I think... at least that's our experience
> > > with it. I'm the only person who has a FreeBSD box on their desk as a
> > > client, but we have dozens of them as servers.
> >
> > *This* might be a good split for boot floppies. Not dozens w/different
> > hardware, just two for server v.s. client. The server would have higher
> > MAX_USER, no dhcpd. The client could have dhcp, bpf, and maybe sound. Of
> > course, this means more work for the folks who bring us FreeBSD. What do
> > they think? OTOH: I usually build server kernels by hand anyway to tune
> > RAM/users/ptys/etc and carefully spec drivers and options. I have begun
> > building most kernels on one box and FTP-ing them anyway.
>
> Call it an epiphany, but I think this is probably how the install process
> should diverge... I haven't looked yet, so this is all hand-waving, but
> what would be nice is to be able to simply have a "build file" that is
> used to generate the individual boot disks.

Well, this silly conversation has gone rocketing through my mailbox like
crap through a goose for long enough. Let me point out a few factoids here:

 1) DHCP is popular for a reason; it makes administering TCP/IP
    networks a little less work.

 2) DHCP is quite useful for simple, single-homed FreeBSD workstations
    to pick up their IP addresses.

 3) Sites who use DHCP for workstations are going to need to have
    at least one DHCP server, too. This pretty much knocks off
    the 'bpf for workstations but not servers' argument.

To those who see bpf as a giant, gaping security hole, I agree with you.
If allowed to be misused, it can be dangerous, nearly as dangerous as
putting a WinPC on your network. ;^)

That said,

DECIDE IF DHCP IS ENOUGH REASON TO PUT BPF IN THE DEFAULT KERNEL AND GET
OVER IT!

Thank you for your calm, rational support. I will now return you to your
usual .00000000035264 S/N ratio. (I really oughtta get some sleep before
reading my mail today...)

--
Where am I, and what am I doing in this handbasket?
Wes Peters +1.801.915.2061
Softweyr LLC wes@softweyr.com
