projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e0e1fa7)
hamradio: Disable auto-loading as mitigation against local exploits
authorBen Hutchings <ben@decadent.org.uk>
Sun, 4 Aug 2019 23:29:11 +0000 (00:29 +0100)
committerSalvatore Bonaccorso <carnil@debian.org>
Tue, 29 Mar 2022 20:46:53 +0000 (21:46 +0100)
Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used.  Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

net/ax25/af_ax25.c patch | blob | history
net/netrom/af_netrom.c patch | blob | history
net/rose/af_rose.c patch | blob | history

diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 00bb087c2ca8b956a334588ebf1c4a0e3e812a85..f4f615bb3bbc84086408397ddfead20674a03c08 100644 (file)
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -2009,7 +2009,7 @@ module_init(ax25_init);
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_AX25);
+/* MODULE_ALIAS_NETPROTO(PF_AX25); */
 
 static void __exit ax25_exit(void)
 {
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index fa9dc2ba39418b06bd1915e05dd8f2af5ec00ca2..9cf709c2e32ff7d31f8717bee4a65d79b7620037 100644 (file)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1488,7 +1488,7 @@ MODULE_PARM_DESC(nr_ndevs, "number of NET/ROM devices");
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_NETROM);
+/* MODULE_ALIAS_NETPROTO(PF_NETROM); */
 
 static void __exit nr_exit(void)
 {
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 30a1cf4c16c6737d2acc587eadb853274caf5219..814b5e4f671ef0b1be0b98884b33b79f139900d8 100644 (file)
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1578,7 +1578,7 @@ MODULE_PARM_DESC(rose_ndevs, "number of ROSE devices");
 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The amateur radio ROSE network layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_ROSE);
+/* MODULE_ALIAS_NETPROTO(PF_ROSE); */
 
 static void __exit rose_exit(void)
 {
Unnamed repository; edit this file 'description' to name the repository.