Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: Bill Squier <groo@old-ones.com>
From: Jim Wise <jwise@draga.com>
List: tech-net
Date: 01/07/2002 14:02:07

On Sun, 6 Jan 2002, Bill Squier wrote:

>On Sat, Jan 05, 2002 at 08:31:08PM -0500, Jim Wise wrote:
>>
>> It also means that were there (and I don't know of any) a buffer
>> overflow or other security problem in dhcpd's internal udp handling, ipf
>> could _not_ be used to protect the machine from outside exploitation.
>
>Compile dhcpd to use sockets instead of bpf.

Good answer.  :-)

Is there any functionality loss for a dhcpd(8) built this way?  If not,
is there any other good reason not to make this the default?

-- 
				Jim Wise
				jwise@draga.com