From: Ben Hutchings Date: Fri, 19 Nov 2010 02:12:48 +0000 (+0000) Subject: [PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits X-Git-Tag: archive/raspbian/6.12.27-1+rpi1^2~49 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=41a2a0ad28f778b21ec286e0dbc334fd2e38092a;p=linux.git [PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits Forwarded: not-needed Recent review has revealed several bugs in obscure protocol implementations that can be exploited by local users for denial of service or privilege escalation. We can mitigate the effect of any remaining vulnerabilities in such protocols by preventing unprivileged users from loading the modules, so that they are only exploitable on systems where the administrator has chosen to load the protocol. The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was not present in the 'lenny' kernel, and seems to receive only sporadic maintenance. Therefore disable auto-loading. Signed-off-by: Ben Hutchings Gbp-Pq: Topic debian Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch --- diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c index 18d267921bb..786cd34c54c 100644 --- a/net/ieee802154/socket.c +++ b/net/ieee802154/socket.c @@ -1140,4 +1140,4 @@ module_exit(af_ieee802154_remove); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("IEEE 802.15.4 socket interface"); -MODULE_ALIAS_NETPROTO(PF_IEEE802154); +/* MODULE_ALIAS_NETPROTO(PF_IEEE802154); */