Hi, On 31/07/2019 00:53, Ben Hutchings wrote: > Iain seems to be saying in > <https://lists.debian.org/debian-hams/2019/07/msg00037.html> that ax25 > is now badly broken, and I don't think we should enable badly broken > features. (However, so far as I know the only reason it's disabled on > arm64 is due to historical accident: it is not enabled in the top-level > config file but only by per-architecture config files.) On investigation, it does appear that it is only IP over AX.25 that has been broken, not the whole AX.25 stack. I guess this is because the IP stack gets touched regularly and there is not enough test (automated or manual) coverage for AX.25 to notice when things break. For pure AX.25 the module does still seem to be reliable and free of obvious bugs. #783160 should probably be assigned to the kernel package and forwarded upstream. I have no idea how to forward bugs for the Linux kernel itself. If there's some primer on that I could read that would be handy, or maybe the kernel team would want to do the forwarding. > Also, every network protocol that can be auto-loaded adds to the attack > surface of the kernel. At the very least we should disable auto- > loading of ax25 (and I'm a little surprised I hadn't done that > already). Setting up an AX.25 interface is already a pretty manual process, if it were necessary to run modprobe or something similar to set up an interface then this is easy enough to do and wouldn't be an unreasonable burden on users imo. Thanks, Iain. (please keep me in CC, I am not subscribed)
Attachment:
signature.asc
Description: OpenPGP digital signature