From owner-freebsd-doc@FreeBSD.ORG  Thu Feb  3 13:50:29 2005
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2586516A4CE
	for <freebsd-doc@hub.freebsd.org>;
	Thu,  3 Feb 2005 13:50:29 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0071843D53
	for <freebsd-doc@hub.freebsd.org>;
	Thu,  3 Feb 2005 13:50:28 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id j13DoStr074309
	for <freebsd-doc@freefall.freebsd.org>; Thu, 3 Feb 2005 13:50:28 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.1/8.13.1/Submit) id j13DoSea074307;
	Thu, 3 Feb 2005 13:50:28 GMT
	(envelope-from gnats)
Date: Thu, 3 Feb 2005 13:50:28 GMT
Message-Id: <200502031350.j13DoSea074307@freefall.freebsd.org>
To: freebsd-doc@FreeBSD.org
From: Ceri Davies <ceri@submonkey.net>
Subject: Re: docs/77058: Add note to the effect that security by obscurity
	is not security.
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Ceri Davies <ceri@submonkey.net>
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Feb 2005 13:50:29 -0000

The following reply was made to PR docs/77058; it has been noted by GNATS.

From: Ceri Davies <ceri@submonkey.net>
To: Brad Davis <so14k@so14k.com>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: docs/77058: Add note to the effect that security by obscurity is not security.
Date: Thu, 3 Feb 2005 13:48:39 +0000

 On Thu, Feb 03, 2005 at 04:32:16AM -0700, Brad Davis wrote:
 
 > --- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb  3 04:20:21 2005
 > +++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml     Thu Feb  3 04:28:32 2005
 > @@ -4177,9 +4177,16 @@
 >         <para>Permitting version lookups on the <acronym>DNS</acronym>
 >           server could be opening the doors for an attacker.  A
 >           malicious user may use this information to hunt up known
 > -         exploits or bugs to utilize against the host.  A false version
 > -         string can be placed the <literal>options</literal> section of
 > -         <filename>named.conf</filename>:</para>
 > +         exploits or bugs to utilize against the host.</para>
 > +
 > +   <warning>
 > +     <para>This will not protect you from exploits. Only upgrading to a
 > +       version that is not vunerable will protect your server.</para>
 > +   </warning>
 > +
 > +   <para>A false version string can be placed the
 > +     <literal>options</literal> section of
 > +     <filename>named.conf</filename>:</para>
 >  
 >         <programlisting>options {
 >          directory       "/etc/namedb";A
 
 ispell again please; "vunerable" at least is incorrect.
 
 Cheers,
 
 Ceri