Date: Fri, 30 Jul 1999 17:55:15 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Warner Losh <imp@village.org> Cc: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, "Brian F. Feldman" <green@FreeBSD.ORG>, hackers@FreeBSD.ORG Subject: Re: So, back on the topic of enabling bpf in GENERIC... Message-ID: <199907310055.RAA95155@apollo.backplane.com> References: <9518.933378839@zippy.cdrom.com> <199907302357.RAA85254@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
:In message <9518.933378839@zippy.cdrom.com> "Jordan K. Hubbard" writes:
:: > There are no security levels > 3. I'd be happy with > 0. This is
:: > consistant with the meaning of "raw devices".
::
:: Would you be willing to make this change?
:
:Yes. I will make this change tomorrow unless there is significant
:objections that cannot be resolved in the mean time.
:
:Warner
It seems to me quite reasonable to prevent further opens of bpf once
the secure level has been raised above zero. None of the devices using
bpf appear to have a rebinding problem (e.g. as opposed to named running
as non-root), so this would fit in well.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907310055.RAA95155>