Date: Tue, 2 Feb 1999 19:52:13 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <199902030352.TAA42425@apollo.backplane.com> References: <9575.918011566@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:OK, time to raise this topic again. What to people think about :enabling bpfilter by default in GENERIC? : :And before everyone screams "That would not be BSD!" let me just :note that NetBSD and probably OpenBSD (haven't looked) already do :this. : :- Jordan Well, not having bpfilter enabled by default doesn't really enhance security since the kernel module loader *is* enabled by default. Still, perhaps it would be a good idea to lockout new open()'s on bpf when the secure level is > 0. The module loader already disables itself when securelevel > 0. -Matt Matthew Dillon <dillon@backplane.com> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902030352.TAA42425>