From d2d6abd1d143e2f50e3ce7b5e61e3d0fc61d1e2d Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sat, 20 Nov 2010 02:24:55 +0000 Subject: [PATCH] [PATCH] decnet: Disable auto-loading as mitigation against local exploits Forwarded: not-needed Recent review has revealed several bugs in obscure protocol implementations that can be exploited by local users for denial of service or privilege escalation. We can mitigate the effect of any remaining vulnerabilities in such protocols by preventing unprivileged users from loading the modules, so that they are only exploitable on systems where the administrator has chosen to load the protocol. The 'decnet' protocol is unmaintained and of mostly historical interest, and the user-space support package 'dnet-common' loads the module explicitly. Therefore disable auto-loading. Signed-off-by: Ben Hutchings Gbp-Pq: Topic debian Gbp-Pq: Name decnet-Disable-auto-loading-as-mitigation-against-lo.patch --- net/decnet/af_decnet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c index 5dbd45dc35a..d9ca8600f09 100644 --- a/net/decnet/af_decnet.c +++ b/net/decnet/af_decnet.c @@ -2338,7 +2338,7 @@ static const struct proto_ops dn_proto_ops = { MODULE_DESCRIPTION("The Linux DECnet Network Protocol"); MODULE_AUTHOR("Linux DECnet Project Team"); MODULE_LICENSE("GPL"); -MODULE_ALIAS_NETPROTO(PF_DECnet); +/* MODULE_ALIAS_NETPROTO(PF_DECnet); */ static const char banner[] __initconst = KERN_INFO "NET4: DECnet for Linux: V.2.5.68s (C) 1995-2003 Linux DECnet Project Team\n"; -- 2.30.2