Date: Wed, 03 Feb 1999 16:34:47 -0800 From: Coranth Gryphon <gryphon@healer.com> To: security@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <36B8EB27.689D17BF@healer.com> References: <26280.918076054@axl.noc.iafrica.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sheldon Hearn <axl@iafrica.com> was heard to say: > the discussion has moved on from "should we ship a bpf-enabled kernel" > I think the issue being discussed is really "is a bpf-enabled kernel > less secure than one without bpf?" I think once that's decided, the > rest will fall into place. Granted, but that was my point. Given that there is a lot of disagreement whether it is or is not secure and given that (quoting someone else, I forget who): > over have the kernel rebuilts are to add bpf While it may be "10 minutes work" for most people, there are a lot out there who are not confident enough of their skills to be willing to do a rebuild. Besides, why make half the people out there spend those 10 minutes? By shipping two kernels, we also solve a lot of other 'security' vs. 'ease of use' debates. The security-conscious folk can tighten down the secure kernel to the minimum reasonable level for safe operation, while the other kernel can have most of the fun/intersting stuff turned on for those who want to play. If you want to think about it another way, consider it one step towards shipping a "Hardening Kit" for FreeBSD. -coranth To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36B8EB27.689D17BF>