From: Stephen Hemminger <shemmin...@vyatta.com> Date: Mon, 22 Nov 2010 20:31:31 -0800
> On Tue, 23 Nov 2010 03:51:53 +0000 > Ben Hutchings <b...@decadent.org.uk> wrote: > >> Recent review has revealed several bugs in obscure protocol >> implementations that can be exploited by local users for denial of >> service or privilege escalation. >> >> The decnet protocol (PF_DECnet) is unmaintained. Since 2.6.12-rc2 the >> only changes appear to be adjustments for net API changes and fixes >> for bugs found by inspection. >> >> This protocol generally should not be enabled by distributions, since >> the cost of a security flaw affecting all installed systems presumably >> outweighs the benefit to the few (if any) legitimate users. >> >> Signed-off-by: Ben Hutchings <b...@decadent.org.uk> > > NAK there are still users and stuff does get fixed. > If you don't like it then disable it from config. Seriously, I can't even remember a bonifides security flaw in decnet being found recently and in fact the decnet stack is very well written code. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101122.211923.193717252.da...@davemloft.net
