Message-Id: <199909171933.NAA04578@harmony.village.org>
To: Cy Schubert - ITSD Open Systems Group
Subject: Re: BPF on in 3.3-RC GENERIC kernel
Cc: Brett Glass, Darren Reed, Harry_M_Leitzell@cmu.edu, security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 16 Sep 1999 07:09:00 PDT." <199909161409.HAA06535@cwsys.cwsent.com>
References: <199909161409.HAA06535@cwsys.cwsent.com>
Date: Fri, 17 Sep 1999 13:33:47 -0600
From: Warner Losh

In message <199909161409.HAA06535@cwsys.cwsent.com> Cy Schubert - ITSD Open Systems Group writes:
: How about a compromise? Leave BPF in the generic kernel but add a boot
: option to disable it, then a site can create a loader.conf to
: disable it.

Because that is every bit as dangerous as having it enabled. If an intruder wants to turn it on, make them work harder than changing one memory location in the kernel.

Also, BPF isn't set up to really do this in its current incarnation.

Warner