From bdavis@house.so14k.com  Thu Feb  3 11:32:18 2005
Return-Path: <bdavis@house.so14k.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4B10716A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  3 Feb 2005 11:32:18 +0000 (GMT)
Received: from ender.liquidneon.com (ender.liquidneon.com [64.78.150.163])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EECA043D66
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  3 Feb 2005 11:32:17 +0000 (GMT)
	(envelope-from bdavis@house.so14k.com)
Received: from localhost (localhost [127.0.0.1])
	by ender.liquidneon.com (Postfix) with ESMTP id 10FFA4407
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  3 Feb 2005 04:32:17 -0700 (MST)
Received: from ender.liquidneon.com ([127.0.0.1])
 by localhost (ender.liquidneon.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 80950-06 for <FreeBSD-gnats-submit@freebsd.org>;
 Thu,  3 Feb 2005 04:32:16 -0700 (MST)
Received: from mccaffrey.house.so14k.com (gw.house.so14k.com [216.87.87.128])
	by ender.liquidneon.com (Postfix) with ESMTP id 9BC7D43E4
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  3 Feb 2005 04:32:16 -0700 (MST)
Received: by mccaffrey.house.so14k.com (Postfix, from userid 1001)
	id 60664F5F; Thu,  3 Feb 2005 04:32:16 -0700 (MST)
Message-Id: <20050203113216.60664F5F@mccaffrey.house.so14k.com>
Date: Thu,  3 Feb 2005 04:32:16 -0700 (MST)
From: Brad Davis <so14k@so14k.com>
Reply-To: Brad Davis <so14k@so14k.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Add note to the effect that security by obscurity is not security.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         77058
>Category:       docs
>Synopsis:       Add note to the effect that security by obscurity is not security.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 03 11:40:28 GMT 2005
>Closed-Date:    Sun Feb 20 15:33:04 GMT 2005
>Last-Modified:  Sun Feb 20 15:33:04 GMT 2005
>Originator:     Brad Davis
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
>Environment:
System: FreeBSD mccaffrey.house.so14k.com 4.10-STABLE FreeBSD 4.10-STABLE #0: Fri May 28 08:02:41 MDT 2004 root@mccaffrey.house.so14k.com:/usr/obj/usr/src/sys/MCCAFFREY i386
>Description:
	Add note to the effect that security by obscurity is not security.
>How-To-Repeat:
	
>Fix:
--- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb  3 
04:20:21 2005
+++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml     Thu Feb  3 
04:28:32 2005
@@ -4177,9 +4177,16 @@
        <para>Permitting version lookups on the <acronym>DNS</acronym>
          server could be opening the doors for an attacker.  A
          malicious user may use this information to hunt up known
-         exploits or bugs to utilize against the host.  A false version
-         string can be placed the <literal>options</literal> section of
-         <filename>named.conf</filename>:</para>
+         exploits or bugs to utilize against the host.</para>
+
+   <warning>
+     <para>This will not protect you from exploits. Only upgrading to a
+       version that is not vunerable will protect your server.</para>
+   </warning>
+
+   <para>A false version string can be placed the
+     <literal>options</literal> section of
+     <filename>named.conf</filename>:</para>
 
        <programlisting>options {
         directory       "/etc/namedb";A
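
Review bot: the new <warning> opens with "This will not protect you", but the sentence it refers to (the false version string) now follows the warning, so "This" has no antecedent where it appears. Either move the <warning> below the paragraph and listing that set the version string, or name the subject, for example "Hiding the version string will not protect you from exploits." In the same paragraph, "vunerable" should be "vulnerable".
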
>Release-Note:
>Audit-Trail:

From: Ceri Davies <ceri@submonkey.net>
To: Brad Davis <so14k@so14k.com>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: docs/77058: Add note to the effect that security by obscurity is not security.
Date: Thu, 3 Feb 2005 13:48:39 +0000

 On Thu, Feb 03, 2005 at 04:32:16AM -0700, Brad Davis wrote:
 
 > --- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb  3 04:20:21 2005
 > +++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml     Thu Feb  3 04:28:32 2005
 > @@ -4177,9 +4177,16 @@
 >         <para>Permitting version lookups on the <acronym>DNS</acronym>
 >           server could be opening the doors for an attacker.  A
 >           malicious user may use this information to hunt up known
 > -         exploits or bugs to utilize against the host.  A false version
 > -         string can be placed the <literal>options</literal> section of
 > -         <filename>named.conf</filename>:</para>
 > +         exploits or bugs to utilize against the host.</para>
 > +
 > +   <warning>
 > +     <para>This will not protect you from exploits. Only upgrading to a
 > +       version that is not vunerable will protect your server.</para>
 > +   </warning>
 > +
 > +   <para>A false version string can be placed the
 > +     <literal>options</literal> section of
 > +     <filename>named.conf</filename>:</para>
 >  
 >         <programlisting>options {
 >          directory       "/etc/namedb";A
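 
 Review bot: the rewritten paragraph at the end of the hunk still reads "A false version string can be placed the <literal>options</literal> section"; the preposition is missing. Since these lines are being re-wrapped anyway, change it to "can be placed in the".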
 
 ispell again please; "vunerable" at least is incorrect.
 
 Cheers,
 
 Ceri

From: Brad Davis <so14k@so14k.com>
To: Ceri Davies <ceri@submonkey.net>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: docs/77058: Add note to the effect that security by obscurity is not security.
Date: Thu, 3 Feb 2005 07:36:53 -0700

 Oh my. Thanks for catching my mistakes.
 
 
 Regards,
 Brad
 
 --- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml 
 Thu Feb  3 04:20:21 2005
 +++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml     
 Thu Feb  3 04:28:32 2005
 @@ -4177,9 +4177,16 @@
          <para>Permitting version lookups on the <acronym>DNS</acronym>
            server could be opening the doors for an attacker.  A
            malicious user may use this information to hunt up known
 -         exploits or bugs to utilize against the host.  A false version
 -         string can be placed the <literal>options</literal> section of
 -         <filename>named.conf</filename>:</para>
 +         exploits or bugs to utilize against the host.</para>
 +
 +   <warning>
 +     <para>This will not protect you from exploits. Only upgrading to a
 +       version that is not vulnerable will protect your server.</para>
 +   </warning>
 +
 +   <para>A false version string can be placed the
 +     <literal>options</literal> section of
 +     <filename>named.conf</filename>:</para>
 
          <programlisting>options {
           directory       "/etc/namedb";
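 
 Review bot: the added <warning> and the <para> after it are indented by three and five columns as shown here, while the sibling <para> and <programlisting> in the context lines sit deeper. Re-indent the new elements to the same level as the surrounding markup so the patch follows the file's existing layout.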
 

From: "Siebrand Mazeland" <s.mazeland@xs4all.nl>
To: <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: Re: docs/77058: Add note to the effect that security by obscurity is not security.
Date: Sun, 20 Feb 2005 13:12:30 +0100

 Looks ready for commit to me.
 
State-Changed-From-To: open->closed 
State-Changed-By: simon 
State-Changed-When: Sun Feb 20 15:32:43 GMT 2005 
State-Changed-Why:  
Committed (with minor modifications), thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=77058 
>Unformatted:
