Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 17 Jul 2003 01:43:33 -0700
From:      John-Mark Gurney <gurney_j@efn.org>
To:        freebsd-arch@freebsd.org
Subject:   Re: Things to remove from /rescue
Message-ID:  <20030717084333.GB35337@funkthat.com>
In-Reply-To: <20030717080805.GA98878@dragon.nuxi.com>
References:  <20030717080805.GA98878@dragon.nuxi.com>

next in thread | previous in thread | raw e-mail | index | archive | help
David O'Brien wrote this message on Thu, Jul 17, 2003 at 01:08 -0700:
> - ipfw & natd & ipf & ipfs & ipfstat & ipmon & ipnan, why would one needs
>   these?  /rescue is to fix a borked /, not replace PicoBSD.

ipfw I can see as useful.  If you have a kernel that defaults to closed,
and you need to access the network, then this is a problem.  If we had
a loader tunable to make a closed firewall open, then this wouldn't be
needed, but then we introduce the fun security hole of /boot/loader.conf
munging, which is minor...  if someone can modify /boot/loader.conf, you
have bigger fish to fry..

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030717084333.GB35337>