Here is a pro vote for enabling BPF in GENERIC: It will let us use a DHCP client in the install programs; this is of tremendous use to many people as DHCP starts to become much more popular. I cannot net install a machine at home since that is on a DHCP cable modem service.

Also, if root is compromised on a system, even if you don't have bpf installed, you would be a fool to believe that they are not sniffing packets/passwords. At the very least Mr. Pragmatic(sp?) has shown the world the power and flexibility of KLDs... I am sure someone could write a KLD to implement the functionality of a packet sniffer. Also, an attacker, once obtaining root, could certainly trojan ftpd/sshd/telnetd/login/whatever. I think disabling bpf for "security reasons" is a false sense of security.

--
David Cross                               | email: cro...@cs.rpi.edu
Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd
Rensselaer Polytechnic Institute,         | Ph: 518.276.2860
Department of Computer Science            | Fax: 518.276.4033
I speak only for myself.                  | WinNT:Linux::Linux:FreeBSD