Date: Thu, 22 Jul 1999 19:11:33 -0700 From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> To: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au> Cc: cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, jkh@FreeBSD.ORG Subject: Re: cvs commit: src/release/sysinstall tcpip.c Message-ID: <5505.932695893@zippy.cdrom.com> In-Reply-To: Your message of "Fri, 23 Jul 1999 07:27:50 %2B1000." <99Jul23.070924est.40350@border.alcanet.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> I _really_ think that this is a furphy. Not having BPF doesn't buy > you any additional security - it's just too easy to sniff the > network from a Windoze PC. Typically /dev/bpf* only allows root > access - and if someone undesirable has root access, you have more > pressing problems. Tell it to the network security folks, like Garrett Wollman (hi!), who scream like stuck pigs every time the subject of putting bpf in the kernel is raised, not me. :) > Iff you believe that the mere presence of BPF is a security hole, then I actually share your opinion about the proper defense against sniffing being proper network design (use switches/vlans/etc) and not turning off bpf, but I'm not the one you need to convince here. :-) - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5505.932695893>