docs/77058: Add note to the effect that security by obscurity is not security.
Brad Davis
so14k at so14k.com
Thu Feb 3 11:40:29 UTC 2005
>Number: 77058
>Category: docs
>Synopsis: Add note to the effect that security by obscurity is not security.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 03 11:40:28 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Brad Davis
>Release: FreeBSD 4.10-STABLE i386
>Organization:
>Environment:
System: FreeBSD mccaffrey.house.so14k.com 4.10-STABLE FreeBSD 4.10-STABLE #0: Fri May 28 08:02:41 MDT 2004 root at mccaffrey.house.so14k.com:/usr/obj/usr/src/sys/MCCAFFREY i386
>Description:
Add note to the effect that security by obscurity is not security.
>How-To-Repeat:
>Fix:
--- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb 3
04:20:21 2005
+++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb 3
04:28:32 2005
@@ -4177,9 +4177,16 @@
<para>Permitting version lookups on the <acronym>DNS</acronym>
server could be opening the doors for an attacker. A
malicious user may use this information to hunt up known
- exploits or bugs to utilize against the host. A false version
- string can be placed the <literal>options</literal> section of
- <filename>named.conf</filename>:</para>
+ exploits or bugs to utilize against the host.</para>
+
+ <warning>
+ <para>This will not protect you from exploits. Only upgrading to a
+ version that is not vunerable will protect your server.</para>
+ </warning>
+
+ <para>A false version string can be placed the
+ <literal>options</literal> section of
+ <filename>named.conf</filename>:</para>
<programlisting>options {
directory "/etc/namedb";A
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-doc
mailing list