Date: Tue, 2 Feb 1999 19:52:13 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <199902030352.TAA42425@apollo.backplane.com> References: <9575.918011566@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:OK, time to raise this topic again. What to people think about
:enabling bpfilter by default in GENERIC?
:
:And before everyone screams "That would not be BSD!" let me just
:note that NetBSD and probably OpenBSD (haven't looked) already do
:this.
:
:- Jordan
Well, not having bpfilter enabled by default doesn't
really enhance security since the kernel module loader
*is* enabled by default. Still, perhaps it would be
a good idea to lockout new open()'s on bpf when the
secure level is > 0. The module loader already disables
itself when securelevel > 0.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902030352.TAA42425>