Bug 77058

Summary: Add note to the effect that security by obscurity is not security.
Product: Documentation
Reporter: Brad Davis <so14k>
Component: Books & Articles
Assignee: freebsd-doc (Nobody) <doc>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Brad Davis 2005-02-03 11:40:28 UTC
	Add note to the effect that security by obscurity is not security.
Comment 1 Ceri Davies 2005-02-03 13:48:39 UTC
On Thu, Feb 03, 2005 at 04:32:16AM -0700, Brad Davis wrote:

> --- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb  3 04:20:21 2005
> +++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml     Thu Feb  3 04:28:32 2005
> @@ -4177,9 +4177,16 @@
>         <para>Permitting version lookups on the <acronym>DNS</acronym>
>           server could be opening the doors for an attacker.  A
>           malicious user may use this information to hunt up known
> -         exploits or bugs to utilize against the host.  A false version
> -         string can be placed the <literal>options</literal> section of
> -         <filename>named.conf</filename>:</para>
> +         exploits or bugs to utilize against the host.</para>
> +
> +   <warning>
> +     <para>This will not protect you from exploits. Only upgrading to a
> +       version that is not vunerable will protect your server.</para>
> +   </warning>
> +
> +   <para>A false version string can be placed the
> +     <literal>options</literal> section of
> +     <filename>named.conf</filename>:</para>
>  
>         <programlisting>options {
>          directory       "/etc/namedb";A
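
Review bot: the paragraph re-added at the end of this hunk still reads "can be placed the <literal>options</literal> section", which is missing "in"; since the lines are being re-wrapped anyway, fix it here. The added <warning> also spells "vulnerable" as "vunerable".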

ispell again please; "vunerable" at least is incorrect.

Cheers,

Ceri
Comment 2 Brad Davis 2005-02-03 14:36:53 UTC
Oh my. Thanks for catching my mistakes.


Regards,
Brad

--- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml 
Thu Feb  3 04:20:21 2005
+++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml     
Thu Feb  3 04:28:32 2005
@@ -4177,9 +4177,16 @@
         <para>Permitting version lookups on the <acronym>DNS</acronym>
           server could be opening the doors for an attacker.  A
           malicious user may use this information to hunt up known
-         exploits or bugs to utilize against the host.  A false version
-         string can be placed the <literal>options</literal> section of
-         <filename>named.conf</filename>:</para>
+         exploits or bugs to utilize against the host.</para>
+
+   <warning>
+     <para>This will not protect you from exploits. Only upgrading to a
+       version that is not vulnerable will protect your server.</para>
+   </warning>
+
+   <para>A false version string can be placed the
+     <literal>options</literal> section of
+     <filename>named.conf</filename>:</para>

         <programlisting>options {
          directory       "/etc/namedb";
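
Review bot: the added <warning> opens with "This will not protect you from exploits", but it sits before the paragraph that introduces the false version string, so "This" has no antecedent at that point. Either move the warning after the paragraph and <programlisting> it qualifies, or name the measure in the warning itself, for example "Setting a false version string will not protect you from exploits."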
Comment 3 Siebrand Mazeland 2005-02-20 12:12:30 UTC
Looks ready for commit to me.
Comment 4 Simon L. B. Nielsen freebsd_committer freebsd_triage 2005-02-20 15:32:43 UTC
State Changed
From-To: open->closed

Committed (with minor modifications), thanks!