Skip site navigation (1)Skip section navigation (2) 
Date:      Thu,  3 Feb 2005 04:32:16 -0700 (MST)
From:      Brad Davis <so14k@so14k.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   docs/77058: Add note to the effect that security by obscurity is not security.
Message-ID:  <20050203113216.60664F5F@mccaffrey.house.so14k.com>
Resent-Message-ID: <200502031140.j13BeSQ3058904@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         77058
>Category:       docs
>Synopsis:       Add note to the effect that security by obscurity is not security.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 03 11:40:28 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Brad Davis
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
>Environment:
System: FreeBSD mccaffrey.house.so14k.com 4.10-STABLE FreeBSD 4.10-STABLE #0: Fri May 28 08:02:41 MDT 2004 root@mccaffrey.house.so14k.com:/usr/obj/usr/src/sys/MCCAFFREY i386
>Description:
	Add note to the effect that security by obscurity is not security.
>How-To-Repeat:
	
>Fix:
--- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb  3 
04:20:21 2005
+++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml     Thu Feb  3 
04:28:32 2005
@@ -4177,9 +4177,16 @@
        <para>Permitting version lookups on the <acronym>DNS</acronym>
          server could be opening the doors for an attacker.  A
          malicious user may use this information to hunt up known
-         exploits or bugs to utilize against the host.  A false version
-         string can be placed the <literal>options</literal> section of
-         <filename>named.conf</filename>:</para>
+         exploits or bugs to utilize against the host.</para>
+
+   <warning>
+     <para>This will not protect you from exploits. Only upgrading to a
+       version that is not vunerable will protect your server.</para>
+   </warning>
+
+   <para>A false version string can be placed the
+     <literal>options</literal> section of
+     <filename>named.conf</filename>:</para>
 
        <programlisting>options {
         directory       "/etc/namedb";A
>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050203113216.60664F5F>