Date: Thu, 3 Feb 2005 14:40:19 GMT From: Brad Davis <so14k@so14k.com> To: freebsd-doc@FreeBSD.org Subject: Re: docs/77058: Add note to the effect that security by obscurity is not security. Message-ID: <200502031440.j13EeJaP080600@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR docs/77058; it has been noted by GNATS.
From: Brad Davis <so14k@so14k.com>
To: Ceri Davies <ceri@submonkey.net>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: docs/77058: Add note to the effect that security by obscurity is not security.
Date: Thu, 3 Feb 2005 07:36:53 -0700
Oh my. Thanks for catching my mistakes.
Regards,
Brad
--- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml
Thu Feb 3 04:20:21 2005
+++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml
Thu Feb 3 04:28:32 2005
@@ -4177,9 +4177,16 @@
<para>Permitting version lookups on the <acronym>DNS</acronym>
server could be opening the doors for an attacker. A
malicious user may use this information to hunt up known
- exploits or bugs to utilize against the host. A false version
- string can be placed the <literal>options</literal> section of
- <filename>named.conf</filename>:</para>
+ exploits or bugs to utilize against the host.</para>
+
+ <warning>
+ <para>This will not protect you from exploits. Only upgrading to a
+ version that is not vulnerable will protect your server.</para>
+ </warning>
+
+ <para>A false version string can be placed the
+ <literal>options</literal> section of
+ <filename>named.conf</filename>:</para>
<programlisting>options {
directory "/etc/namedb";
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502031440.j13EeJaP080600>