Date: Sat, 31 Jul 1999 20:01:21 +0900
From: "Daniel C. Sobral" <dcs@newsguy.com>
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: So, back on the topic of enabling bpf in GENERIC...
Message-ID: <37A2D781.AA0EA382@newsguy.com>
References: <8442.933363979@zippy.cdrom.com>

"Jordan K. Hubbard" wrote: > > We got off onto a big tangent about switches and vlans and stuff and I > learned a number of interesting things, don't get me wrong, but we > still haven't established any consensus on the trade-offs of enabling > bpf. This wasn't meant to be a hypothetical discussion, I'm truly > trying to measure the trade-off between enabling bpf and (by some > fraction) opening things up to easier attack by sniffers in a > root-compromise situation vs not having DHCP work properly at all > after installation. > > This is a clear security vs functionality issue and I need to get a > good feel for which "cause" is ascendent here in knowing which way to > jump on the matter. Can we now hear the closing arguments from the > pro and con folks? I'm a pro folk. Your machine will have to be compromised before bpf becomes and issue, and once a machine is compromised, it is compromised. The concept of "reducing damage" is an illusion. That's like calling finger a security tool. DHCP is very important nowadays. If anyone wants to delude themselves, they can very well press the "Yes! I want to delude myself." button by removing bpf from the kernel. Besides... is there anyone _seriously_ interested in security using GENERIC? Not that GENERIC is in any way deficient, but why use a kitchen-sink kernel? -- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org - Jordan, God, what's the difference? - God doesn't belong to the -core. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message