From owner-freebsd-security  Wed Dec 11 16:34:14 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id QAA23650
          for security-outgoing; Wed, 11 Dec 1996 16:34:14 -0800 (PST)
Received: from ki1.chemie.fu-berlin.de (ki1.Chemie.FU-Berlin.DE [160.45.24.21])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id QAA23641
          for <freebsd-security@freebsd.org>; Wed, 11 Dec 1996 16:34:11 -0800 (PST)
Received: by ki1.chemie.fu-berlin.de (Smail3.1.28.1)
	  from mail.hanse.de (193.174.9.9) with smtp
	  id <m0vXz69-0000abC>; Thu, 12 Dec 96 01:34 MET
Received: from wavehh.UUCP by mail.hanse.de with UUCP
	  for freebsd-security@freebsd.org id <m0vXz67-0004fBC@mail.hanse.de>; Thu, 12 Dec 96 01:33 MET
Received: by wavehh.hanse.de (4.1/SMI-4.1)
	id AA28154; Thu, 12 Dec 96 00:49:01 +0100
From: cracauer@wavehh.hanse.de (Martin Cracauer)
Message-Id: <9612112349.AA28154@wavehh.hanse.de>
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
To: brian@saturn.net (Brian Mitchell)
Date: Thu, 12 Dec 1996 00:49:00 +0100 (MET)
Cc: cracauer@wavehh.hanse.de, freebsd-security@freebsd.org
In-Reply-To: <Pine.BSI.3.95.961211140922.447A-100000@redmare.com> from "Brian Mitchell" at Dec 11, 96 02:12:04 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > And in what way can BPF make spoofing easier?
> 
> BPF lets you send and recv raw packet frames.
> Brian Mitchell / brian@saturn.net

Of course, but only as root also.

My point was that the whole discussion failed to mention that all the
problem only occur when someone becomes root.

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@wavehh.hanse.de>
http://cracauer.cons.org
Fax +49 40 522 85 36