summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/blacklist_modules.mdwn
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2015-03-03 10:25:45 +0000
committerintrigeri <intrigeri@boum.org>2015-03-03 10:25:45 +0000
commit131d8f78a3cbd86f0fdba929e72130b80070c134 (patch)
tree7edd2164003fac96d2a25201ffe3e642b3f7b15b /wiki/src/blueprint/blacklist_modules.mdwn
parent9e7aa97db078177c8f36d227a22b8a79da5096b6 (diff)
parent5ec5f06708514a494044e40a175e8d80fa446e5a (diff)
Merge remote-tracking branch 'origin/master' into faq/7926-apt-get-upgradefaq/7926-apt-get-upgrade
Diffstat (limited to 'wiki/src/blueprint/blacklist_modules.mdwn')
-rw-r--r--wiki/src/blueprint/blacklist_modules.mdwn27
1 files changed, 19 insertions, 8 deletions
diff --git a/wiki/src/blueprint/blacklist_modules.mdwn b/wiki/src/blueprint/blacklist_modules.mdwn
index 4638d42..788c660 100644
--- a/wiki/src/blueprint/blacklist_modules.mdwn
+++ b/wiki/src/blueprint/blacklist_modules.mdwn
@@ -1,5 +1,8 @@
[[!toc levels=2]]
+Debian ships a long list of modules for wide support of devices, filesystems, protocols. Some of these modules have a pretty bad security track record, and some of those are simply not used by most of our users.
+
+Other distributions like Ubuntu[1] and Fedora[2] already ship a blacklist for various network protocols which aren't much in use by users and have a poor security track record.
Corresponding tickets:
* [[!tails_ticket 7575]]
@@ -8,15 +11,23 @@ Corresponding tickets:
Modules to blacklist
====================
-* ax25: **FIXME: explanation**
+* ax25: **FIXME: explanation** (amateur radio)
Modules to remove
=================
-* ipx: **FIXME: explanation**
-* appletalk: **FIXME: explanation**
-* psnap: **FIXME: explanation**
-* rose: **FIXME: explanation**
-* p8023: **FIXME: explanation**
-* llc: **FIXME: explanation**
-* p8022: **FIXME: explanation**
+* ipx: **FIXME: explanation** ([[!wikipedia Internetwork_Packet_Exchange]])
+* appletalk: [[!wikipedia AppleTalk]], unsupported in OS X since 2009
+* psnap: ([[!wikipedia Subnetwork_Access_Protocol]] **FIXME: explanation**
+* rose: (network protocol derived from X.25) **FIXME: explanation**
+* p8023: [[!wikipedia Ethernet_frame#Novell_raw_IEEE_802.3]], was used by Novel NetWare until the mid-nineties; **FIXME: explanation**
+* llc: (ANSI/IEEE 802.2 LLC type 2 Support, [[!wikipedia IEEE_802.2]] **FIXME: explanation**
+* p8022: [[!wikipedia IEEE_802.2]] **FIXME: explanation**
+* decnet: The Linux DECnet Network Protocol FIXME: explanation
+* econet: FIXME: explanation
+* netrom: The amateur radio NET/ROM network and transport layer protocol FIXME: explanation
+* af_802154: FIXME: explanation
+
+[1] https://wiki.ubuntu.com/Security/Features#blacklist-rare-net
+
+[2]https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols