hamradio: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used.  Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 5b5363c99ed50c2b8baad246d3ec1757e0afd0d9..d4533ff1aafc579da4ba9c2196b22f6a4cdd7943 100644 (file)
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -2060,7 +2060,7 @@ module_init(ax25_init);
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_AX25);
+/* MODULE_ALIAS_NETPROTO(PF_AX25); */
 
 static void __exit ax25_exit(void)
 {

diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 6f7f4392cffb1bd382a89ebe925a7cad2d730b44..ce8a507778c360e3042c30a9c4b6f5280f24ff59 100644 (file)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1489,7 +1489,7 @@ MODULE_PARM_DESC(nr_ndevs, "number of NET/ROM devices");
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_NETROM);
+/* MODULE_ALIAS_NETPROTO(PF_NETROM); */
 
 static void __exit nr_exit(void)
 {

diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index a8e3ec800a9c84f19e1f87630aa1eea4cb9d9390..177ace661dcf728718405df288123f3a0e5a609d 100644 (file)
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1586,7 +1586,7 @@ MODULE_PARM_DESC(rose_ndevs, "number of ROSE devices");
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio ROSE network layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_ROSE);
+/* MODULE_ALIAS_NETPROTO(PF_ROSE); */
 
 static void __exit rose_exit(void)
 {