[PATCH] UBUNTU: SAUCE: [net] disable autoloading of rare protocols

Kees Cook kees.cook at canonical.com
Tue Jan 11 23:39:50 UTC 2011

On Tue, Jan 11, 2011 at 05:22:21PM -0600, Tim Gardner wrote:
> On 01/11/2011 04:54 PM, Kees Cook wrote:
> >This disables the autoloading of several rare network protocols
> >in an effort to reduce exposure to potential future security
> >issues with them, as recently demonstrated with RDS and Econet.

It's been recommended to possibly add can, rose, ax25, netrom, and phonet
to this list too.

> I'm not entirely opposed (having followed the original discussion on
> netdev). Could you describe for this list under what circumstances a
> protocol module is loaded and what DOSs and vulnerabilities this
> will prevent? I assume there are both user space and network receive
> side issues.

AFAIU, it is strictly a local issue. A process running:

    socket(AF_$SOMETHING, ...)

will trigger the kernel to autoload "net-pf-NNN". For a complete list of these
aliases, see the output:

    egrep "net-pf-[0-9]+ " /lib/modules/$(uname -r)/modules.alias


Kees Cook
Ubuntu Security Team

More information about the kernel-team mailing list