Re: Feature Request "secure by default"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Sun, Jun 10, 2007 at 08:15:49PM +0530, Rahul Sundaram wrote:
> Andras Simon wrote:
> >
> >Right, but I think that it is relevant in a discussion about "secure
> >by default". (I'd be more than happy to be corrected about this.)
> I can't see how it is relevant. It isn't a daemon and it doesn't connect 
> to the network. If you did disable it and it was turned that is indeed a 
> bug that not one that really affects security.

I respectfully disagree. I realize that the ipv6 kernel module is not
a daemon and does not itself connect to the network. It is part of the

You've heard of "security by obscurity"? I prefer the opposite:
security by simplicity. I have a very simple rule of security: if it
isn't there, they can't crack it. If IPV6 is not requested, the module
should not be loaded.

Looking at my one F7 box (so far), I see that I have not checked IPV6
in system-config-network, but the module is loaded.


Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB

Attachment: pgpK7Sfz7Gt4T.pgp
Description: PGP signature

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux