On 15/01/13 04:16 AM, Michael Weber wrote:
> Hi,
>
> "This can have serious security implications" [1]
>
> For whom?

I think the idea there is that a user expects eth0 and eth1 to stay
the same, writes iptables rules on a per-interface basis to control
what they want, then updates the kernel or makes some other change
(upgraded udev, maybe? :D) which swaps them around and poof, the rules
they thought were correct don't end up protecting them the way they
assumed they would...

Not saying this is necessarily valid, just saying how I interpreted
their meaning of "serious security implications".

> [about NIC names] ... Opt-out urges users into either adapt their
> setups or disable the rules.

Unless I'm mistaken (and I haven't done any sort of comprehensive
search so I could be), I believe the majority of package rollouts for
systemd-udev are going to provide an opt-in rather than an opt-out. I
understand the general point here, that systemd-udev upstream perhaps
should also be defaulting to an opt-in, but there isn't a whole lot of
benefit in making that point on the Gentoo ML.. :)
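
The scenario described in the message above, as an added example that is not part of the original thread: a check that flags per-interface iptables rules whose interface name now belongs to a different NIC than when the rules were written. The rule excerpt, the MAC addresses and the function names are constructed for illustration; it assumes a name-to-MAC baseline was recorded alongside the rules.

```python
import os
import shlex

# Constructed iptables-save excerpt: written when eth0 was WAN and eth1 was LAN.
SAMPLE_RULES = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""
# Constructed name -> MAC maps: recorded with the rules, and after a reorder.
BASELINE = {"lo": "00:00:00:00:00:00", "eth0": "52:54:00:aa:00:01", "eth1": "52:54:00:aa:00:02"}
SWAPPED = {"lo": "00:00:00:00:00:00", "eth0": "52:54:00:aa:00:02", "eth1": "52:54:00:aa:00:01"}

def live_macs(sysfs="/sys/class/net"):
    """Read the current name -> MAC map from sysfs on a Linux host."""
    macs = {}
    for name in os.listdir(sysfs):
        try:
            with open(os.path.join(sysfs, name, "address")) as fh:
                macs[name] = fh.read().strip()
        except OSError:  # e.g. bonding_masters is a file, not an interface
            continue
    return macs

def rule_interfaces(rules_text):
    """Map each interface named by -i/-o in iptables-save output to its rules."""
    found = {}
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        for flag, value in zip(tokens, tokens[1:]):
            if flag in ("-i", "-o", "--in-interface", "--out-interface"):
                found.setdefault(value, []).append(line)
    return found

def audit(rules_text, baseline, current):
    """Return (name, problem, rule count) for rules bound to a moved or absent NIC."""
    findings = []
    for name, lines in sorted(rule_interfaces(rules_text).items()):
        if name.endswith("+"):  # iptables wildcard match, not a single NIC
            continue
        if name not in current:
            findings.append((name, "missing", len(lines)))
        elif current[name] != baseline.get(name):  # also true if never recorded
            findings.append((name, "different NIC", len(lines)))
    return findings
```

On a live host, `audit(rules, BASELINE, live_macs())` can run at boot before the ruleset is loaded, with `rules` taken from the saved ruleset file.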