Blacklisting/Disabling AF_<arcane networking>

[Andy Whitcroft]

At UDS there was some discussion about how we have almost all of the
address family support AF_* built as modules.  This means that a simple
socket(AF_ARCANE_THING, ...) or indeed an incoming packet will trigger
loading of these modules and expose us to any security issues in those
modules.

The UDS discussion suggested that at least blacklisting any un-common
address families might be appropriate; a user requiring this would then
simply add the module to /etc/modules to re-enable it.  Futher discussion
on IRC and other places has suggested that some of these address families
do not even warrant building at all.  For example ECONET supports a
network which is very likely not even in existance let alone common on
our target hardware.

In the face of recent security alerts I am inclined to think that is an
entirly reasonable approach and am keen to understand any issues this
may cause.   How can we progress with this?

-apw