Things to remove from /rescue

John-Mark Gurney gurney_j at efn.org
Thu Jul 17 01:43:26 PDT 2003


David O'Brien wrote this message on Thu, Jul 17, 2003 at 01:08 -0700:
> - ipfw & natd & ipf & ipfs & ipfstat & ipmon & ipnat, why would one need
>   these?  /rescue is to fix a borked /, not replace PicoBSD.

ipfw I can see as useful.  If you have a kernel that defaults to closed,
and you need to access the network, then this is a problem.  If we had
a loader tunable to make a closed firewall open, then this wouldn't be
needed, but then we introduce the fun security hole of /boot/loader.conf
munging, which is minor...  if someone can modify /boot/loader.conf, you
have bigger fish to fry..

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


More information about the freebsd-arch mailing list