Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: Bill Squier <email@example.com>
From: Jim Wise <firstname.lastname@example.org>
Date: 01/07/2002 14:02:07
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 6 Jan 2002, Bill Squier wrote:
>On Sat, Jan 05, 2002 at 08:31:08PM -0500, Jim Wise wrote:
>> It also means that were there (and I don't know of any) a buffer
>> overflow or other security problem in dhcpd's internal udp handling, ipf
>> could _not_ be used to protect the machine from outside exploitation.
>Compile dhcpd to use sockets instead of bpf.
Good answer. :-)
Is there any functionality loss for a dhcpd(8) built this way? If not,
is there any other good reason not to make this the default?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----