On Mon, Nov 08, 2010 at 12:23:22AM +0000, Andrew Martin wrote:
Firstly, we should blacklist X.25 (net-pf-9 is the module). I don't think it realistically affects us, but CVE-2010-3873 gives you a remote DOS based on some bug in this code.
Secondly, can I suggest testing disabling module loading on carbon? If it works there, we can look at moving it to some of the more important machines; if it doesn't, we can just reboot it, without any great effects, given that it runs no real services.
Thanks Cian
I'd be up for this alright. We should open a ticket for this in, you know, our ticketing system. We can then add to that ticket the list of modules to blacklist, instead of a mail buried in my inbox.
Well, ideally we should do both :-) The ticket for what we've decided to do, the mails here for when we're still deciding.
Tickets should be tied into mails anyway. Someone needs to fix that.
Yeah, modules idea sounds good. Do it, etc.
OSHI- I was working on this. Will finish it by the close of business Friday.