On Wednesday 2015-11-11 19:40, Florian Westphal wrote:
>Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>> > Hiding the contents from non-root users does not achieve anything
>> > practical. Possible values are well-known and the specifics can
>> > be inferred from a list of loaded modules on most systems.

Conversely, an administrator could just load all modules to give a
false impression. Since the adversary can in turn expect it, he knows
as little as before. In particular, containerized environments will
have it such that many modules are loaded, but each container still
has their own ruleset.

So yeah, hiding the contents is not going to achieve anything - nor is
showing. (I am concurring here with the other respondents.)