From: Stephen Hemminger <shemminger@xxxxxxxxxx> Date: Mon, 22 Nov 2010 20:31:31 -0800 > On Tue, 23 Nov 2010 03:51:53 +0000 > Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote: > >> Recent review has revealed several bugs in obscure protocol >> implementations that can be exploited by local users for denial of >> service or privilege escalation. >> >> The decnet protocol (PF_DECnet) is unmaintained. Since 2.6.12-rc2 the >> only changes appear to be adjustments for net API changes and fixes >> for bugs found by inspection. >> >> This protocol generally should not be enabled by distributions, since >> the cost of a security flaw affecting all installed systems presumably >> outweighs the benefit to the few (if any) legitimate users. >> >> Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> > > NAK there are still users and stuff does get fixed. > If you don't like it then disable it from config. Seriously, I can't even remember a bonifides security flaw in decnet being found recently and in fact the decnet stack is very well written code. _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
