Date:      Sat, 31 Jul 1999 15:44:58 -0400
From:      Christopher Masto <chris@netmonger.net>
To:        Warner Losh <imp@village.org>, "Brian F. Feldman" <green@FreeBSD.ORG>
Cc:        "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, hackers@FreeBSD.ORG
Subject:   Re: So, back on the topic of enabling bpf in GENERIC...
Message-ID:  <19990731154458.A2068@netmonger.net>
In-Reply-To: <199907302342.RAA85088@harmony.village.org>; from Warner Losh on Fri, Jul 30, 1999 at 05:42:57PM -0600
References:  <Pine.BSF.4.10.9907301619280.6951-100000@janus.syracuse.net> <199907302342.RAA85088@harmony.village.org>

On Fri, Jul 30, 1999 at 05:42:57PM -0600, Warner Losh wrote:
> In message <Pine.BSF.4.10.9907301619280.6951-100000@janus.syracuse.net> "Brian F. Feldman" writes:
> : And how about having
> : 	if (securelevel > 3)
> : 		return (EPERM);
> : in bpf_open()?
> 
> There are no security levels > 3.  I'd be happy with > 0.  This is
> consistent with the meaning of "raw devices".

I hope you mean "> 1".  I often diagnose problems using tcpdump etc.,
and I don't think bpf should be broken just because someone wants the
minor "flags can't be turned off" feature of level 1.

It seems to me that disabling bpf is more appropriate for security
level 2 and up, if such a thing is desirable.  I'm not sure it is.
-- 
Christopher Masto         Senior Network Monkey      NetMonger Communications
chris@netmonger.net        info@netmonger.net        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/

