2010-11-20 02:31:37 +00:00
|
|
|
From: Ben Hutchings <ben@decadent.org.uk>
|
|
|
|
Date: Sat, 20 Nov 2010 02:24:55 +0000
|
|
|
|
Subject: [PATCH] decnet: Disable auto-loading as mitigation against local exploits
|
2013-05-06 22:10:37 +00:00
|
|
|
Forwarded: not-needed
|
2010-11-20 02:31:37 +00:00
|
|
|
|
|
|
|
Recent review has revealed several bugs in obscure protocol
|
|
|
|
implementations that can be exploited by local users for denial of
|
|
|
|
service or privilege escalation. We can mitigate the effect of any
|
|
|
|
remaining vulnerabilities in such protocols by preventing unprivileged
|
|
|
|
users from loading the modules, so that they are only exploitable on
|
|
|
|
systems where the administrator has chosen to load the protocol.
|
|
|
|
|
|
|
|
The 'decnet' protocol is unmaintained and of mostly historical
|
|
|
|
interest, and the user-space support package 'dnet-common' loads the
|
|
|
|
module explicitly. Therefore disable auto-loading.
|
|
|
|
|
|
|
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
|
|
---
|
|
|
|
net/decnet/af_decnet.c | 2 +-
|
|
|
|
1 files changed, 1 insertions(+), 1 deletions(-)
|
|
|
|
|
2019-10-25 20:57:23 +00:00
|
|
|
Index: linux/net/decnet/af_decnet.c
|
|
|
|
===================================================================
|
|
|
|
--- linux.orig/net/decnet/af_decnet.c
|
|
|
|
+++ linux/net/decnet/af_decnet.c
|
|
|
|
@@ -2346,7 +2346,7 @@ static const struct proto_ops dn_proto_o
|
2010-11-20 02:31:37 +00:00
|
|
|
MODULE_DESCRIPTION("The Linux DECnet Network Protocol");
|
|
|
|
MODULE_AUTHOR("Linux DECnet Project Team");
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
-MODULE_ALIAS_NETPROTO(PF_DECnet);
|
|
|
|
+/* MODULE_ALIAS_NETPROTO(PF_DECnet); */
|
|
|
|
|
2017-07-18 00:06:31 +00:00
|
|
|
static const char banner[] __initconst = KERN_INFO
|
|
|
|
"NET4: DECnet for Linux: V.2.5.68s (C) 1995-2003 Linux DECnet Project Team\n";
|