Re: /proc/sys/net/* proliferation

Alan Cox (alan@lxorguk.ukuu.org.uk)
Sun, 14 Sep 1997 01:02:22 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: H. Peter Anvin: "Re: zImages and such"
Previous message: Aaron Tiensivu: "[2.1.54+] SoundBlaster 2.0 breaks"
In reply to: Andreas Kleen: "Re: /proc/sys/net/* proliferation"

> > can only be changed at compile time (as in 2.0.x) it should be on so the
> > functionality is there for those who need it.
>
> No, it shouldn't because it can cause serious harm and security holes
> on multihomed hosts. I'm pretty sure that the host requirements RFC
> requires an explicit user action to enable it.

RFC1122 does indeed require that a system is a host by default and routing
must be switched on. In 2.1.x this problem goes away (its a sysctl), in
2.0.x a vendor could always ship a seperate kernel

Next message: H. Peter Anvin: "Re: zImages and such"
Previous message: Aaron Tiensivu: "[2.1.54+] SoundBlaster 2.0 breaks"
In reply to: Andreas Kleen: "Re: /proc/sys/net/* proliferation"