Subject: Re: Should loose source routing be enabled if not IPFORWARDING?
To: None <current-users@NetBSD.ORG>
From: Ronald Khoo <ronald@cpm.COM.MY>
Date: 12/15/1994 10:37:07
Herb Peyerl <firstname.lastname@example.org> wrote:
> There were two suggestions. One was a sysctl which I'm not fond of in
> that situation because should someone gain root on the firewall (well,
> in that case you're screwed anyhow but) then they can easily enable
> forwarding without attracting too much attention.
I guess you could argue that perhaps ipforwarding should be readonly
when the kernel security level is multiuser ?
Me: Ronald Khoo Food: Roti Chanai Drink: Tea, weak, milky without sugar
In Malaysia: email@example.com +60 3 241 5232 Computer Protocol Malaysia
In England: firstname.lastname@example.org +44 81 349 0063 Demon Internet Services