On Sun, Jun 10, 2007 at 08:15:49PM +0530, Rahul Sundaram wrote: > Andras Simon wrote: > > > > >Right, but I think that it is relevant in a discussion about "secure > >by default". (I'd be more than happy to be corrected about this.) > > I can't see how it is relevant. It isn't a daemon and it doesn't connect > to the network. If you did disable it and it was turned that is indeed a > bug that not one that really affects security. I respectfully disagree. I realize that the ipv6 kernel module is not a daemon and does not itself connect to the network. It is part of the kernel. You've heard of "security by obscurity"? I prefer the opposite: security by simplicity. I have a very simple rule of security: if it isn't there, they can't crack it. If IPV6 is not requested, the module should not be loaded. Looking at my one F7 box (so far), I see that I have not checked IPV6 in system-config-network, but the module is loaded. -- Charles Curley /"\ ASCII Ribbon Campaign Looking for fine software \ / Respect for open standards and/or writing? X No HTML/RTF in email http://www.charlescurley.com / \ No M$ Word docs in email Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
Attachment:
pgpK7Sfz7Gt4T.pgp
Description: PGP signature
