On Fri, Feb 13, 2004 at 01:55:07AM -0800, Jason wrote:
> I see, so if dhcpd and pf weren't sharing the same interface, then I wouldn't
> have this problem.
>
> I guess limiting dhcpd wouldn't be the best thing, but improving pf. Is
> anyone working on adding such a feature to pf to make it block these kinds of
> requests? Seems like it'd be helpful. Otherwise, seems like that's somewhat
> of a security hole.

As Daniel pointed out, not filtering bpf is a design decision. When an application needs to use bpf, that means it has requirements beyond normal ip-networking capabilities, so bpf filtering would require a different kind of interface/syntax, and would not really mix well with pf.

Given that decision, we are aware of the risks of bpf, and are actively working on reducing these risks. The bpf interface was recently made safe for use in non-privileged programs, and as a result pflogd and tcpdump both run privilege-separated in -current. Work is in progress on making dhclient and dhcpd privilege separated.

Can
