path: root/wiki/src/blueprint/blacklist_modules.mdwn
Diffstat (limited to 'wiki/src/blueprint/blacklist_modules.mdwn')
-rw-r--r-- wiki/src/blueprint/blacklist_modules.mdwn 15
1 files changed, 7 insertions, 8 deletions
diff --git a/wiki/src/blueprint/blacklist_modules.mdwn b/wiki/src/blueprint/blacklist_modules.mdwn
index 788c660..08e5a60 100644
--- a/wiki/src/blueprint/blacklist_modules.mdwn
+++ b/wiki/src/blueprint/blacklist_modules.mdwn
@@ -11,23 +11,22 @@ Corresponding tickets:
Modules to blacklist
====================
-* ax25: **FIXME: explanation** (amateur radio)
+* ax25: ([[!wikipedia AX.25]]) amateur radio. Kernel module to work with amateur radio. Has had numerous vulnerabilities in the past. CVE's: CVE-2009-2909/CVE-2013-3223/. Indirect: CVE-2014-1446
Modules to remove
=================
-* ipx: **FIXME: explanation** ([[!wikipedia Internetwork_Packet_Exchange]])
-* appletalk: [[!wikipedia AppleTalk]], unsupported in OS X since 2009
-* psnap: ([[!wikipedia Subnetwork_Access_Protocol]] **FIXME: explanation**
+* ipx: ([[!wikipedia Internetwork_Packet_Exchange]]) Primarily used on Novell Netware networks and popular in the 90's. Little networks make use of IPX if any. CVE-2013-7268.
+* appletalk: [[!wikipedia AppleTalk]], unsupported in OS X since 2009. CVE's: CVE-2013-7267/CVE-2009-2903/CVE-2007-1357
+* psnap: ([[!wikipedia Subnetwork_Access_Protocol]] Relies on the ipx module, obscure and not used much.
* rose: (network protocol derived from X.25) **FIXME: explanation**
-* p8023: [[!wikipedia Ethernet_frame#Novell_raw_IEEE_802.3]], was used by Novel NetWare until the mid-nineties; **FIXME: explanation**
+* p8023: [[!wikipedia Ethernet_frame#Novell_raw_IEEE_802.3]], was used by Novel NetWare until the mid-nineties. Relies on the ipx module.
* llc: (ANSI/IEEE 802.2 LLC type 2 Support, [[!wikipedia IEEE_802.2]] **FIXME: explanation**
* p8022: [[!wikipedia IEEE_802.2]] **FIXME: explanation**
* decnet: The Linux DECnet Network Protocol FIXME: explanation
* econet: FIXME: explanation
* netrom: The amateur radio NET/ROM network and transport layer protocol FIXME: explanation
-* af_802154: FIXME: explanation
+* af_802154: [[!wikipedia IEEE_802.15.4]] Kernel module to make low-power, low-rate network standard possible.
[1] https://wiki.ubuntu.com/Security/Features#blacklist-rare-net
-
-[2]https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols
+[2] https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols
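Review bot: the new psnap, p8023 and af_802154 entries replace the FIXME with a description of the module but give no reason to remove it, unlike the ax25, ipx and appletalk entries, which cite CVEs. "Relies on the ipx module" and "Kernel module to make low-power, low-rate network standard possible" should each be followed by the actual rationale (unused by the target system, reachable by unprivileged socket creation, past CVEs if any), and the stated dependency on ipx is worth confirming with modinfo before it is used as the justification. Smaller points in the same hunk: the ax25 CVE list ends in a stray "/" ("CVE-2013-3223/."), the psnap line still opens a parenthesis before [[!wikipedia Subnetwork_Access_Protocol]] that is never closed, "Little networks make use of IPX if any" reads better as "Few networks, if any, still use IPX", "CVE's" should be "CVEs", and the p8023 line keeps "Novel NetWare" while the new ipx line spells it "Novell Netware".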