Date: Fri, 17 Sep 1999 13:33:47 -0600 From: Warner Losh <imp@village.org> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Brett Glass <brett@lariat.org>, Darren Reed <avalon@coombs.anu.edu.au>, Harry_M_Leitzell@cmu.edu, security@FreeBSD.ORG Subject: Re: BPF on in 3.3-RC GENERIC kernel Message-ID: <199909171933.NAA04578@harmony.village.org> In-Reply-To: Your message of "Thu, 16 Sep 1999 07:09:00 PDT." <199909161409.HAA06535@cwsys.cwsent.com> References: <199909161409.HAA06535@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199909161409.HAA06535@cwsys.cwsent.com> Cy Schubert - ITSD Open Systems Group writes: : How about a compromise? Leave BPF in the generic kernel but add a boot : option to disable it, then a site can create a loader.conf to to : disable it. Because that is every bit as dangerous as having it enabled. If an intruder wants to turn it on, make them work harder than changing one memory location in the kernel. Also, BPF isn't setup to really do this in its current incarnation. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909171933.NAA04578>