[PATCH] UBUNTU: SAUCE: [net] disable autoloading of rare protocols

Kees Cook kees at ubuntu.com
Tue Jan 11 22:54:13 UTC 2011


This disables the autoloading of several rare network protocols
in an effort to reduce exposure to potential future security
issues with them, as recently demonstrated with RDS and Econet.

Thanks to Ben Hutchings and Debian for the patches:

http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=990932981b989699a710e1ec9eb3dd25f08ac362
http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=189f09eb39228b11fe8a6b56a27ad09639150d37
http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=6fd8c90166edf1595c2c828f7cbe4ba7febc4af8
http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=8d92d7b141b4767f9877ffd1a2c7b0060d50628f
http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=cf875d498103ff888db76892ae98ddc5ed0d3a4c

Signed-off-by: Kees Cook <kees.cook at canonical.com>
---
 net/decnet/af_decnet.c         |    2 +-
 net/econet/af_econet.c         |    2 +-
 net/ieee802154/af_ieee802154.c |    2 +-
 net/rds/af_rds.c               |    2 +-
 net/x25/af_x25.c               |    2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index 6f97268..8c226bc 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -2361,7 +2361,7 @@ void dn_unregister_sysctl(void);
 MODULE_DESCRIPTION("The Linux DECnet Network Protocol");
 MODULE_AUTHOR("Linux DECnet Project Team");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_DECnet);
+/*MODULE_ALIAS_NETPROTO(PF_DECnet);*/
 
 static char banner[] __initdata = KERN_INFO "NET4: DECnet for Linux: V.2.5.68s (C) 1995-2003 Linux DECnet Project Team\n";
 
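Review bot: The commented-out `/*MODULE_ALIAS_NETPROTO(PF_DECnet);*/` carries no rationale in the source, so a later rebase or cleanup could restore or delete it without knowing it was a deliberate hardening choice; the same applies to the matching lines in the af_econet.c, af_ieee802154.c, af_rds.c and af_x25.c hunks. I would replace the bare commented-out macro with an explanatory comment, e.g. `/* No MODULE_ALIAS_NETPROTO(PF_DECnet): autoload on socket() is disabled to reduce attack surface; load the module explicitly if needed. */`. It would also help to state the limits of the mitigation: dropping the alias only stops alias-based autoloading when the protocol is built as a module, so an explicit modprobe still loads it, and a built-in (=y) configuration is presumably unaffected. Systems that depend on one of these protocols will need the module loaded explicitly at boot, which deserves a mention in the release notes.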
diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
index 15dcc1a..548ccbf 100644
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -1179,4 +1179,4 @@ module_init(econet_proto_init);
 module_exit(econet_proto_exit);
 
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_ECONET);
+/*MODULE_ALIAS_NETPROTO(PF_ECONET);*/
diff --git a/net/ieee802154/af_ieee802154.c b/net/ieee802154/af_ieee802154.c
index 93c91b6..46dc52c 100644
--- a/net/ieee802154/af_ieee802154.c
+++ b/net/ieee802154/af_ieee802154.c
@@ -370,4 +370,4 @@ module_init(af_ieee802154_init);
 module_exit(af_ieee802154_remove);
 
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_IEEE802154);
+/*MODULE_ALIAS_NETPROTO(PF_IEEE802154);*/
diff --git a/net/rds/af_rds.c b/net/rds/af_rds.c
index bb6ad81..821c578 100644
--- a/net/rds/af_rds.c
+++ b/net/rds/af_rds.c
@@ -600,4 +600,4 @@ MODULE_DESCRIPTION("RDS: Reliable Datagram Sockets"
 		   " v" DRV_VERSION " (" DRV_RELDATE ")");
 MODULE_VERSION(DRV_VERSION);
 MODULE_LICENSE("Dual BSD/GPL");
-MODULE_ALIAS_NETPROTO(PF_RDS);
+/*MODULE_ALIAS_NETPROTO(PF_RDS);*/
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index f7af98d..f02d762 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -1828,4 +1828,4 @@ module_exit(x25_exit);
 MODULE_AUTHOR("Jonathan Naylor <g4klx at g4klx.demon.co.uk>");
 MODULE_DESCRIPTION("The X.25 Packet Layer network layer protocol");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_X25);
+/*MODULE_ALIAS_NETPROTO(PF_X25);*/
-- 
1.7.2.3


-- 
Kees Cook
Ubuntu Security Team



