Provide stronger wording about the security of statistics channel

Add more text about the importance of properly securing the statistics
channel and what is and what is not considered a security vulnerability.

(cherry picked from commit 6869c98d369270e4efbc3ffa0cd21526b32907de)

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 651c39d05877aa2bd9b747dec4a2a293dc6286fb..ef5e72228e58d47797f3f1c6dbcba96fdbd4a483 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -5842,9 +5842,21 @@ If no port is specified, port 80 is used for HTTP channels. The asterisk
 Attempts to open a statistics channel are restricted by the
 optional ``allow`` clause. Connections to the statistics channel are
 permitted based on the :term:`address_match_list`. If no ``allow`` clause is
-present, :iscman:`named` accepts connection attempts from any address; since
-the statistics may contain sensitive internal information, it is highly
-recommended to restrict the source of connection requests appropriately.
+present, :iscman:`named` accepts connection attempts from any address. Since
+the statistics may contain sensitive internal information, the source of
+connection requests must be restricted appropriately so that only
+trusted parties can access the statistics channel.
+
+Gathering data exposed by the statistics channel locks various subsystems in
+:iscman:`named`, which could slow down query processing if statistics data is
+requested too often.
+
+An issue in the statistics channel would be considered a security issue
+only if it could be exploited by unprivileged users circumventing the access
+control list. In other words, any issue in the statistics channel that could be
+used to access information unavailable otherwise, or to crash :iscman:`named`, is
+not considered a security issue if it can be avoided through the
+use of a secure configuration.
 
 If no :any:`statistics-channels` statement is present, :iscman:`named` does not
 open any communication channels.