Feature Request "secure by default"
Charles Curley
charlescurley at charlescurley.com
Sun Jun 10 15:22:38 UTC 2007
On Sun, Jun 10, 2007 at 08:15:49PM +0530, Rahul Sundaram wrote:
> Andras Simon wrote:
>
> >
> >Right, but I think that it is relevant in a discussion about "secure
> >by default". (I'd be more than happy to be corrected about this.)
>
> I can't see how it is relevant. It isn't a daemon and it doesn't connect
> to the network. If you did disable it and it was turned on, that is
> indeed a bug, but not one that really affects security.
I respectfully disagree. I realize that the ipv6 kernel module is not
a daemon and does not itself connect to the network. It is part of the
kernel.

You've heard of "security by obscurity"? I prefer the opposite:
security by simplicity. I have a very simple rule of security: if it
isn't there, they can't crack it. If IPV6 is not requested, the module
should not be loaded.

Looking at my one F7 box (so far), I see that I have not checked IPV6
in system-config-network, but the module is loaded.
--
Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email
Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
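
The mismatch reported in the message above (IPv6 not requested, ipv6 module loaded) can be checked mechanically; the script below is an added example, not part of the original post. It assumes the request is recorded as NETWORKING_IPV6 or IPV6INIT in the sysconfig files (the message does not say where system-config-network stores it), and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Assumption: "IPv6 requested"
# means NETWORKING_IPV6=yes in the sysconfig network file or IPV6INIT=yes in
# an ifcfg-* file; the message does not say where the setting is stored.

# cfg_value KEY FILE: print the last value assigned to KEY, unquoted, lowercased.
cfg_value() {
    [ -r "$2" ] || return 0
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# module_loaded NAME FILE: succeed if NAME is the first field of a line in a
# /proc/modules-format file (exact match, so "ipv6_foo" does not count).
module_loaded() {
    [ -r "$2" ] || return 1
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# audit_ipv6 MODULES NETCFG [IFCFG...]: return 1 when the ipv6 module is
# loaded although no configuration file asks for IPv6, else return 0.
audit_ipv6() {
    modules=$1; netcfg=$2; shift 2
    if ! module_loaded ipv6 "$modules"; then
        echo "ok: ipv6 module not loaded"; return 0
    fi
    if [ "$(cfg_value NETWORKING_IPV6 "$netcfg")" = yes ]; then
        echo "ok: ipv6 loaded, requested in $netcfg"; return 0
    fi
    for f in "$@"; do
        if [ "$(cfg_value IPV6INIT "$f")" = yes ]; then
            echo "ok: ipv6 loaded, requested in $f"; return 0
        fi
    done
    echo "MISMATCH: ipv6 module loaded but not requested"
    return 1
}

# Constructed sample input (not captured from a real system).
demo=$(mktemp -d)
printf 'ipv6 251393 12 - Live 0xf8a5d000\next3 123593 2 - Live 0xf8857000\n' > "$demo/modules"
printf 'NETWORKING=yes\nNETWORKING_IPV6=no\n' > "$demo/network"
printf 'DEVICE=eth0\nIPV6INIT=no\n' > "$demo/ifcfg-eth0"
audit_ipv6 "$demo/modules" "$demo/network" "$demo/ifcfg-eth0" || true
rm -rf "$demo"
```

On a live system the arguments would be /proc/modules, /etc/sysconfig/network and the /etc/sysconfig/network-scripts/ifcfg-* files. A non-zero exit status marks the host for review.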