From owner-cvs-all  Thu Jul 22 19:13:38 1999
Delivered-To: cvs-all@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
	by hub.freebsd.org (Postfix) with ESMTP
	id E10E014D6B; Thu, 22 Jul 1999 19:13:35 -0700 (PDT)
	(envelope-from jkh@zippy.cdrom.com)
Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1])
	by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id TAA05509;
	Thu, 22 Jul 1999 19:11:33 -0700 (PDT)
	(envelope-from jkh@zippy.cdrom.com)
To: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
Cc: cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, jkh@FreeBSD.ORG
Subject: Re: cvs commit: src/release/sysinstall tcpip.c 
In-reply-to: Your message of "Fri, 23 Jul 1999 07:27:50 +1000."
             <99Jul23.070924est.40350@border.alcanet.com.au> 
Date: Thu, 22 Jul 1999 19:11:33 -0700
Message-ID: <5505.932695893@zippy.cdrom.com>
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

> I _really_ think that this is a furphy.  Not having BPF doesn't buy
> you any additional security - it's just too easy to sniff the
> network from a Windoze PC.  Typically /dev/bpf*  only allows root
> access - and if someone undesirable has root access, you have more
> pressing problems.

Tell it to the network security folks, like Garrett Wollman (hi!), who
scream like stuck pigs every time the subject of putting bpf in the
kernel is raised, not me. :)

> Iff you believe that the mere presence of BPF is a security hole, then

I actually share your opinion about the proper defense against
sniffing being proper network design (use switches/vlans/etc) and
not turning off bpf, but I'm not the one you need to convince here. :-)

- Jordan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message