"Jordan K. Hubbard" wrote:
>
> We got off onto a big tangent about switches and vlans and stuff and I
> learned a number of interesting things, don't get me wrong, but we
> still haven't established any consensus on the trade-offs of enabling
> bpf. This wasn't meant to be a hypothetical discussion, I'm truly
> trying to measure the trade-off between enabling bpf and (by some
> fraction) opening things up to easier attack by sniffers in a
> root-compromise situation vs not having DHCP work properly at all
> after installation.
>
> This is a clear security vs functionality issue and I need to get a
> good feel for which "cause" is ascendent here in knowing which way to
> jump on the matter. Can we now hear the closing arguments from the
> pro and con folks?
Pro: it's not a vulnerability unless somebody has already cracked root.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://softweyr.com/ w...@softweyr.com
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
