projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c5216f3)
hamradio: Disable auto-loading as mitigation against local exploits
authorBen Hutchings <ben@decadent.org.uk>
Sun, 4 Aug 2019 23:29:11 +0000 (00:29 +0100)
committerSalvatore Bonaccorso <carnil@debian.org>
Thu, 1 Feb 2024 08:05:49 +0000 (09:05 +0100)
Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used.  Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

net/ax25/af_ax25.c patch | blob | history
net/netrom/af_netrom.c patch | blob | history
net/rose/af_rose.c patch | blob | history

diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 6b4c25a9237746265158900ab92d7f411b77ab79..3ca255c81be3d8784dfb0632b16bd88009999b88 100644 (file)
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -2061,7 +2061,7 @@ module_init(ax25_init);
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_AX25);
+/* MODULE_ALIAS_NETPROTO(PF_AX25); */
 
 static void __exit ax25_exit(void)
 {
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index ec5747969f964623802b4aa0e59bab5428ebb91f..115f1cfd88985f0795c858ff66eeeb336335e40c 100644 (file)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1499,7 +1499,7 @@ MODULE_PARM_DESC(nr_ndevs, "number of NET/ROM devices");
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_NETROM);
+/* MODULE_ALIAS_NETPROTO(PF_NETROM); */
 
 static void __exit nr_exit(void)
 {
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 29b74a569e0b0569579d41967ea7091551275045..0a05c77d5918410f8a615ba1b811a9ae6404bd5d 100644 (file)
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1631,7 +1631,7 @@ MODULE_PARM_DESC(rose_ndevs, "number of ROSE devices");
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio ROSE network layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_ROSE);
+/* MODULE_ALIAS_NETPROTO(PF_ROSE); */
 
 static void __exit rose_exit(void)
 {
Unnamed repository; edit this file 'description' to name the repository.