Subject: Re: Should loose source routing be enabled if not IPFORWARDING?
To: None <current-users@NetBSD.ORG>
From: Ronald Khoo <ronald@cpm.COM.MY>
List: current-users
Date: 12/15/1994 10:37:07
Herb Peyerl <hpeyerl@novatel.ca> wrote:
> There were two suggestions. One was a sysctl which I'm not fond of in
> that situation because should someone gain root on the firewall (well,
> in that case you're screwed anyhow but) then they can easily enable
> forwarding without attracting too much attention.
I guess you could argue that perhaps ipforwarding should be readonly
when the kernel security level is multiuser ?
--
Me: Ronald Khoo Food: Roti Chanai Drink: Tea, weak, milky without sugar
In Malaysia: ronald@cpm.com.my +60 3 241 5232 Computer Protocol Malaysia
In England: ronald@demon.net +44 81 349 0063 Demon Internet Services