Sorry, forgot to send it to the list, my fault.
btb schrieb:
On Nov 18, 2004, at 14.22, J�rg Harmuth wrote:
Hi Ben,
I don't know what the proper approach is, but if everything works correctly without ipv6 (I had problem without ipv6 some time ago, but I can't really recall what was up there) why not compile a kernel without ipv6 support ? This defenitely works, if it is a possibility at all. And it gives you the chance to remove more things you don't need from your kernel.
what is the proper approach to achieving this?
Have a nice time
Joerg
hi joerg-
thanks for replying.
i did start down that road a bit - and found out i am not yet comfortable enough with that process to trust myself (very very new to debian). besides, isn't the idea of loading and unloading (or not loading) modules that you don't have to recompile your kernel for this type of thing?
-ben
Hi Ben,
yes and no in my opinion. It is convenient to be able to disable kernel features at load time (and of course rub�n-time). But they still exist and an successful attacker could exploid one or more of them. For me the better choice is to _realy_ disable them (those I don't need) in the kernel configuration. If it's not there - what can you do with it ?
If you have never done kernel configuration it is hard work. I mean understanding all the things you should know for this. But in Debian there is a convenient way to do this (it is said to be convenient, but I never tried it - sorry, I don't even know the name of the package :( Hey list, can you help ?) But in my opinion it's worth while. It serves a lot of purposes.
Have a nice time
Joerg
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
