Here is a pro vote for enabling BPF in GENERIC:
It will let us use a dhcp client in the install programs, this is of tremendous
use to many people as DHCP starts to become much more popular. I cannot
net install a machine at home since that is on a DHCP cable modem service.
Also, if root is compromised on a system, even if you don't have bpf installed
you would be a fool to believe that they are not sniffing packets/passwords.
At the very least Mr. Pragmatic(sp?) has shown the world the power and
flexability of KLDs... I am sure someone could write a KLD to impliment the
functionality of a packet sniffer. Also an attacker, once obtaining root,
could certainly trojan ftpd/sshd/telnetd/login/whatever. I think disabling
bpf for "security reasons" is a false sense of security.
--
David Cross | email: [EMAIL PROTECTED]
Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd
Rensselaer Polytechnic Institute, | Ph: 518.276.2860
Department of Computer Science | Fax: 518.276.4033
I speak only for myself. | WinNT:Linux::Linux:FreeBSD
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
