projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e6bf7a3)
hamradio: Disable auto-loading as mitigation against local exploits
authorBen Hutchings <ben@decadent.org.uk>
Sun, 4 Aug 2019 23:29:11 +0000 (00:29 +0100)
committerSalvatore Bonaccorso <carnil@debian.org>
Sun, 23 Aug 2020 13:44:14 +0000 (14:44 +0100)
Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used.  Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

net/ax25/af_ax25.c patch | blob | history
net/netrom/af_netrom.c patch | blob | history
net/rose/af_rose.c patch | blob | history

diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index dec3f35467c9e195628c26fbb84be2d87d2746a9..1d02e8352fb8c7e661a47c4ab4cb8294a1eb7639 100644 (file)
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -1996,7 +1996,7 @@ module_init(ax25_init);
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_AX25);
+/* MODULE_ALIAS_NETPROTO(PF_AX25); */
 
 static void __exit ax25_exit(void)
 {
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 7b1a74f74aad568e8fb0135321bc3e53ba73a36d..fa73be473dc1b927bc6113658286c55b0deaf1d4 100644 (file)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1465,7 +1465,7 @@ MODULE_PARM_DESC(nr_ndevs, "number of NET/ROM devices");
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_NETROM);
+/* MODULE_ALIAS_NETPROTO(PF_NETROM); */
 
 static void __exit nr_exit(void)
 {
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 1e8eeb044b07d8c402cfd101896ecc02624e0360..9465af5995501483ce8516e779cd2d788dde65eb 100644 (file)
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1554,7 +1554,7 @@ MODULE_PARM_DESC(rose_ndevs, "number of ROSE devices");
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio ROSE network layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_ROSE);
+/* MODULE_ALIAS_NETPROTO(PF_ROSE); */
 
 static void __exit rose_exit(void)
 {
Unnamed repository; edit this file 'description' to name the repository.