From owner-freebsd-security  Wed Dec 11 01:28:17 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id BAA28665
          for security-outgoing; Wed, 11 Dec 1996 01:28:17 -0800 (PST)
Received: from silver.sms.fi (root@silver.sms.fi [194.111.122.17])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id BAA28660
          for <freebsd-security@freebsd.org>; Wed, 11 Dec 1996 01:28:13 -0800 (PST)
Received: (from pete@localhost) by silver.sms.fi (8.7.6/8.7.3) id LAA02201; Wed, 11 Dec 1996 11:27:50 +0200 (EET)
Date: Wed, 11 Dec 1996 11:27:50 +0200 (EET)
Message-Id: <199612110927.LAA02201@silver.sms.fi>
From: Petri Helenius <pete@sms.fi>
To: Michael Smith <msmith@atrad.adelaide.edu.au>
Cc: freebsd-security@freebsd.org
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
In-Reply-To: <199612110745.SAA23084@genesis.atrad.adelaide.edu.au>
References: <199612110716.JAA01999@silver.sms.fi>
	<199612110745.SAA23084@genesis.atrad.adelaide.edu.au>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Michael Smith writes:
 > Petri Helenius stands accused of saying:
 > > I think one consideration here is that to run some of the desired
 > > functionality, like dhcpd, you need to have them.
 > 
 > Not on a _shell_server_ you don't.  If you're in the business of offering
 > shell access (which is fortunately becoming rarer), your shell machines
 > need to be _watertight_, which normally involves removing just about
 > everything.
 > 
We're in violent agreement here. On both the tightness and the fact
that it's becoming rarer.

Pete