[PATCH] UBUNTU: SAUCE: [net] disable autoloading of rare protocols
Tim Gardner
tcanonical at tpi.com
Tue Jan 11 23:22:21 UTC 2011
On 01/11/2011 04:54 PM, Kees Cook wrote:
> This disables the autoloading of several rare network protocols
> in an effort to reduce exposure to potential future security
> issues with them, as recently demonstrated with RDS and Econet.
>
> Thanks to Ben Hutchings and Debian for the patches:
>
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=990932981b989699a710e1ec9eb3dd25f08ac362
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=189f09eb39228b11fe8a6b56a27ad09639150d37
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=6fd8c90166edf1595c2c828f7cbe4ba7febc4af8
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=8d92d7b141b4767f9877ffd1a2c7b0060d50628f
> http://git.debian.org/?p=kernel/linux-2.6.git;a=commitdiff;h=cf875d498103ff888db76892ae98ddc5ed0d3a4c
>
> Signed-off-by: Kees Cook <kees.cook at canonical.com>
> ---
> net/decnet/af_decnet.c | 2 +-
> net/econet/af_econet.c | 2 +-
> net/ieee802154/af_ieee802154.c | 2 +-
> net/rds/af_rds.c | 2 +-
> net/x25/af_x25.c | 2 +-
> 5 files changed, 5 insertions(+), 5 deletions(-)
>
I'm not entirely opposed (having followed the original discussion on
netdev). Could you describe for this list under what circumstances a
protocol module is loaded and what DOSs and vulnerabilities this will
prevent? I assume there are both user space and network receive side issues.
rtg
--
Tim Gardner tim.gardner at canonical.com