From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 16 Feb 2017 19:09:17 +0000
Subject: dccp: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.
The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
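--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -1079,8 +1079,8 @@ module_exit(dccp_v4_exit);
 * values directly, Also cover the case where the protocol is not specified,
 * i.e. net-pf-PF_INET-proto-0-type-SOCK_DCCP
 */
-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 33, 6);
-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 0, 6);
+/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 33, 6); */
+/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 0, 6); */
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
 MODULE_DESCRIPTION("DCCP - Datagram Congestion Controlled Protocol");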
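Review bot: Commenting the two `MODULE_ALIAS_NET_PF_PROTO_TYPE` lines out in place leaves the block comment directly above them (it begins outside the hunk) describing aliases that are no longer compiled, and nothing in the file says why. A reader of ipv4.c alone cannot tell a deliberate hardening change from leftover dead code, so I would put a short comment above the disabled lines, e.g. `/* Aliases disabled: no auto-loading on socket(); an administrator must load this module explicitly. */`. The same applies to the matching hunk in net/dccp/ipv6.c. As the description says, this only narrows exposure to systems where the module is deliberately loaded, so the comment should call it a mitigation and not a fix for any bug in the protocol code.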
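--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -1162,8 +1162,8 @@ module_exit(dccp_v6_exit);
 * values directly, Also cover the case where the protocol is not specified,
 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP
 */
-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6);
-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6);
+/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6); */
+/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6); */
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
 MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol");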