[Dnsmasq-discuss] Hiding/obscuring version.bind
Simon Kelley
simon at thekelleys.org.uk
Tue Sep 6 21:23:53 BST 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
a) I tend to agree that it's pointless.
b) Not a run-time option, there are too many of those already.
c) Maybe the simplest solution is something like a NO_ID compile time
option that suppresses the whole .bind domain thing?
Certainly happy to take the patch.
Cheers,
Simon.
On 06/09/16 16:14, Kevin Darbyshire-Bryant wrote:
> Hi Simon & all,
>
> There has been a bit of activity on the security front in LEDE and
> a recent change proposed removing version numbers from software to
> avoid it leaking to 'the bad guys'. I'll say upfront that I'm not
> a fan of this approach feeling that it's more of the 'security
> through obscurity' route but minds cleverer than mine have thought
> about this so from a LEDE point of view 'we're stuck with it'.
>
> LEDE's approach is to simply change the VERSION file to 'UNKNOWN'
> at build time. I dislike this because it also removes any info
> from the startup logs or even 'dnsmasq --version' and on the basis
> that 'version number' is a somewhat basic requirement when
> providing advice/support here. A suggestion has been made to
> introduce a compile time option that replaces 'version.bind' with
> "dnsmasq-UNKNOWN', leaving all the usual version strings intact.
> The suggestion was also made rather than having a LEDE specific
> patch that 'upstream' dnsmasq might like this feature.
>
> I'm willing to do what should be a simple patch for that behaviour
> but is it a) a good idea? b) should it be a run-time option
> instead? c) should we consider obscuring other info as well?
>
> Cheers,
>
> Kevin
>
>
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCAAGBQJXzyXYAAoJEBXN2mrhkTWiE90P/1KewRyDq9rcbrddiKQhP2WT
V364psZy9rWQPZbzJLXQ3QvD1CwQChynIzqzUywh2dT7dPSe/XSdTRXab+Fxy0gr
0aITJPNyxIv6i8402YP1JDT6eoAk4JQAdJChQi+UpBDHy6WXe7q4sJKWMIZYDV9/
9meqSZ6OAGtX8kYGA+gpFqPlI/1Y/LAucxInvtvB1ZMXSRk5nNeyEpy7OEsCTqr9
PBK6LRtnQU6Iq7emIWKz0FQZpNZ6xNubZD96OGHrWnfdpT3ONgDO1k0S8/v8S6gw
m1Rwexe0skVnNcGxL9lv5h8lC3w20iUi2OiuT5ebV+IuUkGXMcrW9yW/MKspsxcu
19Bo5VfvYCuNYlW0OCypON455iRf7cXBwzHOqgaVOYc/zBIdDAuBm+n2JAsw7suz
n7pRB8m3G8WPLs5ZKNIgZgasum81uIRD6XaKjOE9cGgO6XVD3u/2mcIQqbg/9QTf
FVlAttRw9T0N2ebKOgJuMX+/Z2OiK7NYP6kebmcdFNhp/xih3xLvpoS4OK9Wyr1q
7LCN5ebjmC/1tSNhhLSK+L/YUtkqFwGu5CL1IJRy6AQS98LxIOL3hRj2A5MRsgXb
fjYlNXqStlX1czPU7eK1zfSCGy6gUNThSvv8peJPtmdVC9IoVyUxCm4nGKzW7syO
vDAjvBAkXGbnbUkcVcfg
=MIfU
-----END PGP SIGNATURE-----
More information about the Dnsmasq-discuss
mailing list