From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 19 Nov 2010 02:12:48 +0000 (+0000)
Subject: rds: Disable auto-loading as mitigation against local exploits
X-Git-Tag: archive/raspbian/4.9.82-1+deb9u3+rpi1_jessie~8^2~116
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d847e28b7de9a327a35fe28b36f5afc9183411b3;p=linux-4.9.git

rds: Disable auto-loading as mitigation against local exploits

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation.  We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Gbp-Pq: Topic debian
Gbp-Pq: Name rds-Disable-auto-loading-as-mitigation-against-local.patch
---

diff --git a/net/rds/af_rds.c b/net/rds/af_rds.c
index 6beaeb1138f3..c669624b8042 100644
--- a/net/rds/af_rds.c
+++ b/net/rds/af_rds.c
@@ -665,4 +665,4 @@ MODULE_DESCRIPTION("RDS: Reliable Datagram Sockets"
 		   " v" DRV_VERSION " (" DRV_RELDATE ")");
 MODULE_VERSION(DRV_VERSION);
 MODULE_LICENSE("Dual BSD/GPL");
-MODULE_ALIAS_NETPROTO(PF_RDS);
+/* MODULE_ALIAS_NETPROTO(PF_RDS); */