Message-ID: <36BA50FF.7E74C979@softweyr.com>
Date: Thu, 04 Feb 1999 19:01:35 -0700
From: Wes Peters
Organization: Softweyr LLC
To: "Christopher G. Petrilli"
CC: James Wyatt, security@FreeBSD.ORG
Subject: Re: Enabling bpf device in kernel (was: Re: tcpdump)

"Christopher G. Petrilli" wrote:
>
> On Thu, Feb 04, 1999 at 02:16:54PM -0600, James Wyatt wrote:
> > On Thu, Feb 04, 1999 at 05:10:40AM -0600, Richard Wackerbarth wrote:
> > > I think that the world is moving toward dhcp as the primary method of
> > > learning appropriate IP configuration data.
> >
> > On Thu, 4 Feb 1999, Christopher G. Petrilli wrote:
> > > I would agree that this is true for clients, but I don't believe it will
> > > ever be true for servers... and remember, FreeBSD is a server first, and
> > > more often than it is a client I think... at least that's our experience
> > > with it. I'm the only person who has a FreeBSD box on their desk as a
> > > client, but we have dozens of them as servers.
> >
> > *This* might be a good split for boot floppies. Not dozens w/different
> > hardware, just two for server vs. client. The server would have higher
> > MAX_USER, no dhcpd. The client could have dhcp, bpf, and maybe sound. Of
> > course, this means more work for the folks who bring us FreeBSD. What do
> > they think? OTOH: I usually build server kernels by hand anyway to tune
> > RAM/users/ptys/etc and carefully spec drivers and options. I have begun
> > building most kernels on one box and FTP-ing them anyway.
>
> Call it an epiphany, but I think this is probably how the install process
> should diverge... I haven't looked yet, so this is all hand-waving, but
> what would be nice is to be able to simply have a "build file" that is
> used to generate the individual boot disks.

Well, this silly conversation has gone rocketing through my mailbox like
crap through a goose for long enough. Let me point out a few factoids
here:

1) DHCP is popular for a reason; it makes administering TCP/IP networks
   a little less work.

2) DHCP is quite useful for simple, single-homed FreeBSD workstations
   to pick up their IP addresses.

3) Sites who use DHCP for workstations are going to need to have at
   least one DHCP server, too. This pretty much knocks off the
   'bpf for workstations but not servers' argument.

To those who see bpf as a giant, gaping security hole, I agree with you.
If allowed to be misused, it can be dangerous, nearly as dangerous as
putting a WinPC on your network. ;^)

That said, DECIDE IF DHCP IS ENOUGH REASON TO PUT BPF IN THE DEFAULT
KERNEL AND GET OVER IT!

Thank you for your calm, rational support. I will now return you to
your usual .00000000035264 S/N ratio.

(I really oughtta get some sleep before reading my mail today...)

--
Where am I, and what am I doing in this handbasket?

Wes Peters                                          +1.801.915.2061
Softweyr LLC                                       wes@softweyr.com