On Tue, 25 Jul 2000, Tom Fitzgerald wrote:

> I should put a big IMHO at the beginning of all this...
> 
> > You're missing a small point though.  Appletalk is not a "service" that is
> > running all the time, and the appletalk kernel module is not loaded all
> > the time.
> 
> But isn't it loaded automatically if the kernel receives Appletalk
> traffic?  If so, then there's still the case where software will run that
> the computer's owner isn't aware of.  Flaws in the appletalk module can
> make the system vulnerable to attack.  This isn't implausible - Linux
> used to have bugs in its IP fragmentation code that made it possible to
> panic the system from outside.
> 
> (I don't know how Linux loads modules... if this isn't possible, and the
> module can only load as the result of a local program action, then you're
> right.  I still think Redhat is doing the right thing by not enabling
> tons of stuff automatically, even stuff they enabled in past versions, but
> in this case there was no benefit to disabling it.)

Yes, that is the difference.  Appletalk is only loaded when a local
program tries to use that address family.  I would be very worried if it
were triggered by incoming packets!  :)

        Andy
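
Added example (not part of the original message, and not code from either poster): a small Linux C program that checks the point above on a given host by looking for the module in /proc/modules, opening a socket in the AppleTalk address family as an ordinary local program, and looking again. The function names are hypothetical, and the module name "appletalk" as it appears in /proc/modules is an assumption about the running kernel.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return 1 if `name` is the first field of some line in /proc/modules-style
 * text, else 0. Exact match: "appletalk" does not match "appletalk_extra". */
int module_listed(const char *text, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = text; p && *p; ) {
        if (strncmp(p, name, n) == 0 && (p[n] == ' ' || p[n] == '\n' || p[n] == '\0'))
            return 1;
        p = strchr(p, '\n');   /* skip to the start of the next line */
        if (p) p++;
    }
    return 0;
}

/* Read /proc/modules: 1 if `name` is loaded, 0 if not, -1 if unreadable. */
int module_loaded(const char *name)
{
    static char buf[1 << 18];
    FILE *f = fopen("/proc/modules", "r");
    if (!f) return -1;
    size_t len = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[len] = '\0';
    return module_listed(buf, name);
}

/* The "local program action": returns 0 on success or errno from socket(). */
int probe_family(void)
{
    int fd = socket(AF_APPLETALK, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int main(void)
{
    int before = module_loaded("appletalk");
    int err = probe_family();
    int after = module_loaded("appletalk");
    printf("before=%d socket=%s after=%d\n", before, err ? strerror(err) : "ok", after);
    return 0;
}
```

If before=0 and after=1, the local socket() call caused the module to be loaded on that host; if the call fails and after stays 0, the module is unavailable or its loading is blocked there.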
