Date: Thu, 17 Jul 2003 09:46:19 +0100
From: Ceri Davies <setantae@submonkey.net>
To: freebsd-arch@freebsd.org
Subject: Re: Things to remove from /rescue
Message-ID: <20030717084619.GS403@submonkey.net>
In-Reply-To: <20030717084333.GB35337@funkthat.com>
References: <20030717080805.GA98878@dragon.nuxi.com> <20030717084333.GB35337@funkthat.com>

On Thu, Jul 17, 2003 at 01:43:33AM -0700, John-Mark Gurney wrote:
> David O'Brien wrote this message on Thu, Jul 17, 2003 at 01:08 -0700:
> > - ipfw & natd & ipf & ipfs & ipfstat & ipmon & ipnan, why would one need
> > these? /rescue is to fix a borked /, not replace PicoBSD.
>
> ipfw I can see as useful. If you have a kernel that defaults to closed,
> and you need to access the network, then this is a problem. If we had
> a loader tunable to make a closed firewall open, then this wouldn't be
> needed, but then we introduce the fun security hole of /boot/loader.conf
> munging, which is minor... if someone can modify /boot/loader.conf, you
> have bigger fish to fry..

There's the net.inet.ip.fw.enable sysctl.

I'm also dubious about /rescue/vi; does this actually work when / is hosed?

Ceri
--