:In message <9518.933378...@zippy.cdrom.com> "Jordan K. Hubbard" writes: :: > There are no security levels > 3. I'd be happy with > 0. This is :: > consistant with the meaning of "raw devices". :: :: Would you be willing to make this change? : :Yes. I will make this change tomorrow unless there is significant :objections that cannot be resolved in the mean time. : :Warner
It seems to me quite reasonable to prevent further opens of bpf once the secure level has been raised above zero. None of the devices using bpf appear to have a rebinding problem (e.g. as opposed to named running as non-root), so this would fit in well. -Matt Matthew Dillon <dil...@backplane.com> To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message