[PATCH] UBUNTU: SAUCE: [net] disable autoloading of rare protocols

Tim Gardner tcanonical at tpi.com
Tue Jan 11 23:22:21 UTC 2011


On 01/11/2011 04:54 PM, Kees Cook wrote:
> This disables the autoloading of several rare network protocols
> in an effort to reduce exposure to potential future security
> issues with them, as recently demonstrated with RDS and Econet.
>
> Thanks to Ben Hutchings and Debian for the patches:
>
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=990932981b989699a710e1ec9eb3dd25f08ac362
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=189f09eb39228b11fe8a6b56a27ad09639150d37
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=6fd8c90166edf1595c2c828f7cbe4ba7febc4af8
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=8d92d7b141b4767f9877ffd1a2c7b0060d50628f
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=cf875d498103ff888db76892ae98ddc5ed0d3a4c
>
> Signed-off-by: Kees Cook <kees.cook at canonical.com>
> ---
>   net/decnet/af_decnet.c         |    2 +-
>   net/econet/af_econet.c         |    2 +-
>   net/ieee802154/af_ieee802154.c |    2 +-
>   net/rds/af_rds.c               |    2 +-
>   net/x25/af_x25.c               |    2 +-
>   5 files changed, 5 insertions(+), 5 deletions(-)
>
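Review bot: the commit message says "several rare network protocols" and names only RDS and Econet, while the diffstat touches five families (decnet, econet, ieee802154, rds, x25) with one changed line each. List all five in the message and state how an administrator who still needs one of them loads the module explicitly once autoloading is disabled, so the behaviour change is documented with the patch.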

I'm not entirely opposed (having followed the original discussion on 
netdev). Could you describe for this list under what circumstances a 
protocol module is loaded and what DoSes and vulnerabilities this will
prevent? I assume there are both user space and network receive side issues.

rtg
-- 
Tim Gardner tim.gardner at canonical.com
