Blocklist rare network protocols
Team: DrWhax, ? (reviewer)
ax25 etc. kernel modules are automatically loaded in Tails
(since we’ve moved to ferm?). Both
blacklist these modules as they are of little use to the average user
and may contain undiscovered exploitable vulnerabilities (not mentioning
some of them have a poor track record when it comes to security).
We should do the same, presumably (short term) by copying their blacklist configuration file.
A better long term solution would be to see Debian do that by default,
or at least ship a package that provides the blacklist file so that
users can easily opt-in for the additional protection (perhaps this
package could even be pulled by
task-desktop). Debian’s well-known and
solidly-grounded reluctance to packages that ship only a small number of
configuration files may be an issue, though.
Parent Task: #7639
- Related to #12280 (closed)