Date: Thu, 4 Feb 1999 10:07:34 +0100 (CET)
From: Chris Larsen <vader@vader.dk>
To: security@FreeBSD.ORG
Subject: Enabling bpf device in kernel (was: Re: tcpdump)
Message-ID: <Pine.BSF.3.96.990204095555.10265F-100000@www.babel.dk>

Hello all.. just wanted to put in my word:

Now there's been pros and cons against enabling bpf in GENERIC.

As for security. Yes, it's bad that bpf is enabled on a vanilla install; not all *bsd users are ethical about their use of promiscuous mode NIC. It's a little bit on the edge of having security or not.

I'm rather concerned about the discussion about should bpf warrant a kernel compile or not. The issue for me is clear here. If you enable bpf, you must also enable ipfw, natd etc etc. Where should one stop?

The goal with GENERIC is to have a minimal kernel with most drivers supported. Is bpf critical in getting a system up and running? I think not. Is ipfw? Not either. If you are tuning your system, you will recompile your kernel; if you don't recompile your kernel, you should not be running unix.

The goal is always to get the smallest possible kernel executable with the least code in it, to do its job. I would think every admin has his own idea of how his *bsd kernel should be configured for best performance for what that machine should be used for.

Now you may say, well we've got 400 MHz machines these days, a couple of cpu clock cycles isn't gonna cost much.. Yeah well, doing 100000 iterations costs a multiplier thereof.

GENERIC should be stable, most hardware support, less fluff. If you're ever gonna do good with *bsd, you recompile your kernel anyway.

Just my 0.02$ worth on the issue.

darth@vader.dk | Internet Café : Babel
vader@babel.dk | Frederiksborggade 33
Chris Larsen   | Phone # +45 33 33 93 38
System Manager | Open: 14-23 Mon - Sat
PGP-key id: 0x137993A5