Feature Request "secure by default"

Charles Curley charlescurley at charlescurley.com
Sun Jun 10 15:22:38 UTC 2007

On Sun, Jun 10, 2007 at 08:15:49PM +0530, Rahul Sundaram wrote:
> Andras Simon wrote:
> >
> >Right, but I think that it is relevant in a discussion about "secure
> >by default". (I'd be more than happy to be corrected about this.)
> I can't see how it is relevant. It isn't a daemon and it doesn't connect 
> to the network. If you did disable it and it was turned that is indeed a 
> bug that not one that really affects security.

I respectfully disagree. I realize that the ipv6 kernel module is not
a daemon and does not itself connect to the network. It is part of the

You've heard of "security by obscurity"? I prefer the opposite:
security by simplicity. I have a very simple rule of security: if it
isn't there, they can't crack it. If IPV6 is not requested, the module
should not be loaded.

Looking at my one F7 box (so far), I see that I have not checked IPV6
in system-config-network, but the module is loaded.


Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070610/a50fa6e4/attachment-0001.sig>

More information about the fedora-list mailing list