Date: Sat, 18 Sep 1999 02:57:35 -0400 (EDT) From: Mike Nowlin <mike@argos.org> To: security@freebsd.org Subject: Re: Securing a system that's been rooted remotely (Was: BPF on in 3.3-RC GENERIC kernel) Message-ID: <Pine.LNX.4.05.9909180252510.30790-100000@jason.argos.org> In-Reply-To: <Pine.BSF.4.10.9909171603270.26241-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Securelevel high, GENERIC kernel, locked down with schg = silly, because > for all the work you've done to audit the startup path, you might as well > have just commented out the bpf driver and rebuilt your kernel too. This whole discussion is silly... We've beat it into the ground several times now, and there's valid arguments on both sides. Everyone should make their own decision. The guys who decide what's in GENERIC are probably sick and tired of hearing about the pitfalls of BPF. They seem to think (and I agree) that it's easier to re-compile the kernel than fix all of the BPF-related problems. If you're worried about somebody kicking your system over to a GENERIC kernel, then just remove the damn thing and fix the boot files. mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.9909180252510.30790-100000>