Date: Wed, 15 Sep 1999 20:32:19 -0600 From: Warner Losh <imp@village.org> To: Brett Glass <brett@lariat.org> Cc: "Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu>, security@FreeBSD.ORG Subject: Re: BPF on in 3.3-RC GENERIC kernel Message-ID: <199909160232.UAA17841@harmony.village.org> In-Reply-To: Your message of "Wed, 15 Sep 1999 17:09:23 MDT." <4.2.0.58.19990915170025.048d0b00@localhost> References: <4.2.0.58.19990915170025.048d0b00@localhost> <4.2.0.58.19990915164546.048d0100@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <4.2.0.58.19990915170025.048d0b00@localhost> Brett Glass writes: : Maybe it's a religious issue, or maybe some utility depends on it. It is a religious issue AND some utility depends on it. DHCP requires it. : But it might not be a good idea to let it be on from the get-go. The DHCP client needs it. : If the machine is rooted, you've got an instant packet sniffer. If the machine is rooted, you are in big trouble anyway. Also, there are many ways that you can make a machine that doesn't have it enabled you can sniff packets from. The added security is an illusion. If you care about your network traffic disclosure, encrypt everything. : I plan to turn it off on EVERY install, and I sure wish it : were that way to start. I'm happy for you. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909160232.UAA17841>