Date: Thu, 17 Jul 2003 01:43:33 -0700 From: John-Mark Gurney <gurney_j@efn.org> To: freebsd-arch@freebsd.org Subject: Re: Things to remove from /rescue Message-ID: <20030717084333.GB35337@funkthat.com> In-Reply-To: <20030717080805.GA98878@dragon.nuxi.com> References: <20030717080805.GA98878@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
David O'Brien wrote this message on Thu, Jul 17, 2003 at 01:08 -0700: > - ipfw & natd & ipf & ipfs & ipfstat & ipmon & ipnan, why would one needs > these? /rescue is to fix a borked /, not replace PicoBSD. ipfw I can see as useful. If you have a kernel that defaults to closed, and you need to access the network, then this is a problem. If we had a loader tunable to make a closed firewall open, then this wouldn't be needed, but then we introduce the fun security hole of /boot/loader.conf munging, which is minor... if someone can modify /boot/loader.conf, you have bigger fish to fry.. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030717084333.GB35337>