summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/blacklist_modules.mdwn
diff options
context:
space:
mode:
Diffstat (limited to 'wiki/src/blueprint/blacklist_modules.mdwn')
-rw-r--r--wiki/src/blueprint/blacklist_modules.mdwn27
1 files changed, 19 insertions, 8 deletions
diff --git a/wiki/src/blueprint/blacklist_modules.mdwn b/wiki/src/blueprint/blacklist_modules.mdwn
index 4638d42..788c660 100644
--- a/wiki/src/blueprint/blacklist_modules.mdwn
+++ b/wiki/src/blueprint/blacklist_modules.mdwn
@@ -1,5 +1,8 @@
[[!toc levels=2]]
+Debian ships a long list of modules for wide support of devices, filesystems, protocols. Some of these modules have a pretty bad security track record, and some of those are simply not used by most of our users.
+
+Other distributions like Ubuntu[1] and Fedora[2] already ship a blacklist for various network protocols which aren't much in use by users and have a poor security track record.
Corresponding tickets:
* [[!tails_ticket 7575]]
@@ -8,15 +11,23 @@ Corresponding tickets:
Modules to blacklist
====================
-* ax25: **FIXME: explanation**
+* ax25: **FIXME: explanation** (amateur radio)
Modules to remove
=================
-* ipx: **FIXME: explanation**
-* appletalk: **FIXME: explanation**
-* psnap: **FIXME: explanation**
-* rose: **FIXME: explanation**
-* p8023: **FIXME: explanation**
-* llc: **FIXME: explanation**
-* p8022: **FIXME: explanation**
+* ipx: **FIXME: explanation** ([[!wikipedia Internetwork_Packet_Exchange]])
+* appletalk: [[!wikipedia AppleTalk]], unsupported in OS X since 2009
+* psnap: ([[!wikipedia Subnetwork_Access_Protocol]] **FIXME: explanation**
+* rose: (network protocol derived from X.25) **FIXME: explanation**
+* p8023: [[!wikipedia Ethernet_frame#Novell_raw_IEEE_802.3]], was used by Novel NetWare until the mid-nineties; **FIXME: explanation**
+* llc: (ANSI/IEEE 802.2 LLC type 2 Support, [[!wikipedia IEEE_802.2]] **FIXME: explanation**
+* p8022: [[!wikipedia IEEE_802.2]] **FIXME: explanation**
+* decnet: The Linux DECnet Network Protocol FIXME: explanation
+* econet: FIXME: explanation
+* netrom: The amateur radio NET/ROM network and transport layer protocol FIXME: explanation
+* af_802154: FIXME: explanation
+
+[1] https://wiki.ubuntu.com/Security/Features#blacklist-rare-net
+
+[2]https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols