Date: Fri, 30 Jul 1999 16:00:16 -0400 From: "David E. Cross" <crossd@cs.rpi.edu> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: hackers@FreeBSD.ORG, crossd@cs.rpi.edu Subject: Re: So, back on the topic of enabling bpf in GENERIC... Message-ID: <199907302000.QAA30574@cs.rpi.edu> In-Reply-To: Message from "Jordan K. Hubbard" <jkh@zippy.cdrom.com> of "Fri, 30 Jul 1999 12:46:19 PDT." <8442.933363979@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Here is a pro vote for enabling BPF in GENERIC: It will let us use a dhcp client in the install programs, this is of tremendous use to many people as DHCP starts to become much more popular. I cannot net install a machine at home since that is on a DHCP cable modem service. Also, if root is compromised on a system, even if you don't have bpf installed you would be a fool to believe that they are not sniffing packets/passwords. At the very least Mr. Pragmatic(sp?) has shown the world the power and flexability of KLDs... I am sure someone could write a KLD to impliment the functionality of a packet sniffer. Also an attacker, once obtaining root, could certainly trojan ftpd/sshd/telnetd/login/whatever. I think disabling bpf for "security reasons" is a false sense of security. -- David Cross | email: crossd@cs.rpi.edu Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd Rensselaer Polytechnic Institute, | Ph: 518.276.2860 Department of Computer Science | Fax: 518.276.4033 I speak only for myself. | WinNT:Linux::Linux:FreeBSD To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907302000.QAA30574>