Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: Bill Squier <groo@old-ones.com>
From: Jim Wise <jwise@draga.com>
List: tech-net
Date: 01/07/2002 14:02:07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 6 Jan 2002, Bill Squier wrote:
>On Sat, Jan 05, 2002 at 08:31:08PM -0500, Jim Wise wrote:
>>
>> It also means that were there (and I don't know of any) a buffer
>> overflow or other security problem in dhcpd's internal udp handling, ipf
>> could _not_ be used to protect the machine from outside exploitation.
>
>Compile dhcpd to use sockets instead of bpf.
Good answer. :-)
Is there any functionality loss for a dhcpd(8) built this way? If not,
is there any other good reason not to make this the default?
- --
Jim Wise
jwise@draga.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE8OfCzN71lEcOYcw4RAgS2AJ4t2jcUMOtS+eWHPqqWVOMs99O27ACcDKY6
azjIa/WJxxXC7yeOsF/CJRE=
=SlM4
-----END PGP SIGNATURE-----