From: Ondřej Surý
Date: Wed, 14 Sep 2022 12:18:32 +0000 (+0200)
Subject: Provide stronger wording about the security of statistics channel
X-Git-Tag: v9.18.8~32^2~1
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=474676a38c6f4033756cf29f943316ee9deb0aff;p=thirdparty%2Fbind9.git

Provide stronger wording about the security of statistics channel

Add more text about the importance of properly securing the statistics channel and what is and what is not considered a security vulnerability.

(cherry picked from commit 6869c98d369270e4efbc3ffa0cd21526b32907de)
---
diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 651c39d0587..ef5e72228e5 100644
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -5842,9 +5842,21 @@ If no port is specified, port 80 is used for HTTP channels. The asterisk Attempts to open a statistics channel are restricted by the optional ``allow`` clause. Connections to the statistics channel are permitted based on the :term:`address_match_list`. If no ``allow`` clause is -present, :iscman:`named` accepts connection attempts from any address; since -the statistics may contain sensitive internal information, it is highly -recommended to restrict the source of connection requests appropriately. +present, :iscman:`named` accepts connection attempts from any address. Since +the statistics may contain sensitive internal information, the source of +connection requests must be restricted appropriately so that only +trusted parties can access the statistics channel. + +Gathering data exposed by the statistics channel locks various subsystems in +:iscman:`named`, which could slow down query processing if statistics data is +requested too often. + +An issue in the statistics channel would be considered a security issue +only if it could be exploited by unprivileged users circumventing the access +control list. In other words, any issue in the statistics channel that could be +used to access information unavailable otherwise, or to crash :iscman:`named`, is +not considered a security issue if it can be avoided through the +use of a secure configuration. If no :any:`statistics-channels` statement is present, :iscman:`named` does not open any communication channels.
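Review bot: The new "security issue" criterion in the last added paragraph can be read two ways and should be made explicit: the first sentence says an issue counts only if it can be exploited by users circumventing the access control list, while the closing clause says it is not a security issue "if it can be avoided through the use of a secure configuration", which is a broader test (any misconfiguration, not just ACL bypass). Suggest stating the rule once, e.g. "An issue in the statistics channel is considered a security issue only if it can be triggered by a party that the ``allow`` clause does not permit to connect; information disclosure or a crash reachable only from an address permitted by ``allow`` is treated as an ordinary bug." Two smaller points in the same hunk: the first paragraph now says the source of connection requests "must be restricted" but gives no example of the restriction it describes, so a short ``allow { ... };`` snippet (or a cross-reference to the :term:`address_match_list` syntax) next to that sentence would make the requirement actionable; and the performance paragraph ("could slow down query processing if statistics data is requested too often") would be more useful with a concrete caveat such as advising operators to poll at a fixed, modest interval rather than on every request, since as written it names the risk but not the mitigation.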