Date: Tue, 2 Feb 1999 23:35:47 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <Pine.BSF.3.96.990202233308.21838C-100000@fledge.watson.org> In-Reply-To: <9575.918011566@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Feb 1999, Jordan K. Hubbard wrote: > OK, time to raise this topic again. What to people think about > enabling bpfilter by default in GENERIC? > > And before everyone screams "That would not be BSD!" let me just > note that NetBSD and probably OpenBSD (haven't looked) already do > this. I'd love to see this. This would enable applications like DHCP out of the box, which is probably desirable from a notebook perspective. As Matt points out, the security limitations are not very clear: the securelevel code generally requires a lot of modifications to the base system, so my temptation is to ignore the issue, but create a securelevel man page that discusses "things to do in making a securelevel-friendly system", and add to it: disable bpf. Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990202233308.21838C-100000>