From owner-freebsd-hackers  Fri Jul 30 13: 5: 2 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15])
	by hub.freebsd.org (Postfix) with ESMTP id 3C0C81570A
	for <hackers@FreeBSD.org>; Fri, 30 Jul 1999 13:04:56 -0700 (PDT)
	(envelope-from green@FreeBSD.org)
Received: from localhost (green@localhost)
	by janus.syracuse.net (8.9.3/8.8.7) with ESMTP id QAA07306;
	Fri, 30 Jul 1999 16:04:48 -0400 (EDT)
X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs
Date: Fri, 30 Jul 1999 16:04:47 -0400 (EDT)
From: "Brian F. Feldman" <green@FreeBSD.org>
X-Sender: green@janus.syracuse.net
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: hackers@FreeBSD.org
Subject: Re: So, back on the topic of enabling bpf in GENERIC...
In-Reply-To: <8442.933363979@zippy.cdrom.com>
Message-ID: <Pine.BSF.4.10.9907301603050.6951-100000@janus.syracuse.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

If root is compromised, that's the only way bpf can be gotten to by
default. When root's compromised, if no bpf is available, the mem devices
can still be created (if not there) and network queues can be listened to.
And can't IFF_PROMISC be turned on too?

There's no good reason to not have bpf in at least the boot disk kernel.

 Brian Fundakowski Feldman      _ __ ___ ____  ___ ___ ___  
 green@FreeBSD.org                   _ __ ___ | _ ) __|   \ 
     FreeBSD: The Power to Serve!        _ __ | _ \._ \ |) |
       http://www.FreeBSD.org/              _ |___/___/___/ 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message