Date: Fri, 23 Jul 1999 07:27:50 +1000
From: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
To: cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, jkh@FreeBSD.ORG
Subject: Re: cvs commit: src/release/sysinstall tcpip.c
Message-ID: <99Jul23.070924est.40350@border.alcanet.com.au>
In-Reply-To: <199907220851.BAA87161@freefall.freebsd.org>

"Jordan K. Hubbard" <jkh@FreeBSD.org> wrote:
> The ultimate answer here is to make either bpf a loadable kernel module

Given that BPF needs to get its hooks into _every_ network driver, I'm
not sure that this is practical. The public BPF interfaces would need
to change to indirect function calls, which the module load/unload
functions would need to switch between the real BPF functions (in the
module) and stubs in the kernel. Recent experiments (in the discussions
on atomic operations and locks) show that indirect function calls are
relatively expensive - which would add significantly to the BPF overhead
(and BPF is already in a time-critical path).

> (which security conscious admins will be able to simply
> remove from /modules)

I _really_ think that this is a furphy. Not having BPF doesn't buy you
any additional security - it's just too easy to sniff the network from
a Windoze PC. Typically /dev/bpf* only allows root access - and if
someone undesirable has root access, you have more pressing problems.

> or come up with a lighter weight mechanism
> just for dhcp and other apps that need to see broadcast packets but
> not otherwise sniff the wire in full bpf glory.

Iff you believe that the mere presence of BPF is a security hole, then
this would seem to be a cleaner solution than trying to make BPF an LKM.

The easiest way to achieve this would seem to be to create a `crippled'
BPF - which included a hard-wired filter that only returned broadcast
packets and disabled BIOCSETF and maybe BIOCPROMISC. The crippled BPF
would be part of GENERIC, and anyone who wanted the full functionality
could re-compile without the `CRIPPLED_BPF' flag.

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
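The hard-wired "broadcast only" filter proposed in the message above, written out as a classic BPF program with a minimal interpreter so it can be run on sample frames. This is an added example, not part of the original message and not FreeBSD code; the names `bcast_only`, `run_filter`, `crippled_bpf_accepts` and `sample_bcast` are hypothetical, and the interpreter covers only the four opcodes the filter uses.

```c
/* Added example; names are hypothetical. Opcode values are classic BPF's encodings. */
#include <stddef.h>
#include <stdint.h>

#define OP_LD_W_ABS 0x20   /* A = 32-bit big-endian word at pkt[k] */
#define OP_LD_H_ABS 0x28   /* A = 16-bit big-endian half-word at pkt[k] */
#define OP_JEQ_K    0x15   /* skip jt instructions if A == k, else skip jf */
#define OP_RET_K    0x06   /* return k: bytes to capture, 0 means drop */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Fixed filter: accept only frames whose destination MAC is ff:ff:ff:ff:ff:ff. */
static const struct insn bcast_only[] = {
    { OP_LD_W_ABS, 0, 0, 2 },           /* destination MAC bytes 2..5 */
    { OP_JEQ_K,    0, 3, 0xffffffffu }, /* mismatch: jump to drop */
    { OP_LD_H_ABS, 0, 0, 0 },           /* destination MAC bytes 0..1 */
    { OP_JEQ_K,    0, 1, 0xffffu },     /* mismatch: jump to drop */
    { OP_RET_K,    0, 0, 0xffffffffu }, /* accept the whole frame */
    { OP_RET_K,    0, 0, 0 },           /* drop */
};
/* Constructed sample: Ethernet header of a broadcast frame (dst, src, ethertype). */
const uint8_t sample_bcast[14] = { 0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x06 };

/* Run a program over one frame. Short frames, bad jumps and unknown opcodes drop. */
uint32_t run_filter(const struct insn *prog, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case OP_LD_W_ABS:
            if (i->k > len || len - i->k < 4) return 0;
            a = ((uint32_t)pkt[i->k] << 24) | ((uint32_t)pkt[i->k + 1] << 16) | ((uint32_t)pkt[i->k + 2] << 8) | pkt[i->k + 3]; break;
        case OP_LD_H_ABS:
            if (i->k > len || len - i->k < 2) return 0;
            a = ((uint32_t)pkt[i->k] << 8) | pkt[i->k + 1]; break;
        case OP_JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break;
        case OP_RET_K: return i->k;
        default:       return 0;
        }
    }
    return 0; /* ran past the end of the program: drop */
}

/* What the restricted device would deliver to a reader: broadcast frames only. */
uint32_t crippled_bpf_accepts(const uint8_t *pkt, size_t len)
{
    return run_filter(bcast_only, sizeof bcast_only / sizeof bcast_only[0], pkt, len);
}
```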