On Sat, 2022-05-14 at 22:43 +0300, Andrei Borzenkov wrote: > On 14.05.2022 22:24, Thomas Haller wrote: > > Hi, > > > > > > On Sat, 2022-05-14 at 07:38 +0300, Andrei Borzenkov via > > networkmanager- > > list wrote: > > > > > > > > > > > > The background is a security requirement. Unused interfaces > > > > must > > > > ideally remain disabled at the physical layer when a cable is > > > > plugged > > > > in. Ideally, the LEDs would also remain dark. > > > > > > > > > > It sounds like > > > > > > no-auto-default=* > > > > > > mostly does what you want. > > > > > > that option merely disables that NetworkManager will automatically > > generate a profile for ethernet devices, that don't have a profile > > yet. > > Such profiles are called "Wired connection 1", which is how you can > > recognize it. > > > > This does very little magic, you can manually create a profile to > > the > > same effect. In any case, NetworkManager would have already set the > > interface IFF_UP at this point -- regardless of "(no-)auto- > > default". > > > > Sure, but usual question is - what are the expected threats? Simply > having interface up does not hurt anyone (except may be audit > company). > But having automatic profile on interface allows someone to connect > PC > with DHCP server and so get known IP address to (attempt to) access > the > server. This is prevented by no-auto-default. >
you are right! Thomas _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
