path: root/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
Diffstat (limited to 'debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch')
-rw-r--r--debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch48
1 files changed, 48 insertions, 0 deletions
diff --git a/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch b/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
new file mode 100644
index 000000000..b532d0054
--- /dev/null
+++ b/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
@@ -0,0 +1,48 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Mon, 05 Aug 2019 00:29:11 +0100
+Subject: hamradio: Disable auto-loading as mitigation against local exploits
+Forwarded: not-needed
+
+We can mitigate the effect of vulnerabilities in obscure protocols by
+preventing unprivileged users from loading the modules, so that they
+are only exploitable on systems where the administrator has chosen to
+load the protocol.
+
+The 'ham' radio protocols (ax25, netrom, rose) are not actively
+maintained or widely used. Therefore disable auto-loading.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+--- a/net/ax25/af_ax25.c
++++ b/net/ax25/af_ax25.c
+@@ -1986,7 +1986,7 @@ module_init(ax25_init);
+ MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
+ MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS_NETPROTO(PF_AX25);
++/* MODULE_ALIAS_NETPROTO(PF_AX25); */
+
+ static void __exit ax25_exit(void)
+ {
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -1486,7 +1486,7 @@ MODULE_PARM_DESC(nr_ndevs, "number of NE
+ MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
+ MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS_NETPROTO(PF_NETROM);
++/* MODULE_ALIAS_NETPROTO(PF_NETROM); */
+
+ static void __exit nr_exit(void)
+ {
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -1577,7 +1577,7 @@ MODULE_PARM_DESC(rose_ndevs, "number of
+ MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
+ MODULE_DESCRIPTION("The amateur radio ROSE network layer protocol");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS_NETPROTO(PF_ROSE);
++/* MODULE_ALIAS_NETPROTO(PF_ROSE); */
+
+ static void __exit rose_exit(void)
+ {
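Review bot: The three replaced lines in net/ax25/af_ax25.c, net/netrom/af_netrom.c and net/rose/af_rose.c leave the alias behind as commented-out code with no reason given, so a later reader of those files cannot tell it is deliberate hardening rather than a leftover. A short comment in its place would record the intent, for example `/* No MODULE_ALIAS_NETPROTO(PF_AX25): protocol-family auto-loading is disabled on purpose; load the module explicitly if AX.25 is needed. */`, with the same wording for PF_NETROM and PF_ROSE. Dropping this alias only closes the protocol-family auto-load path; whether any other alias or module dependency can still pull these modules in is not visible in this patch and would need a separate check. Systems that do use the protocols now have to load ax25, netrom or rose explicitly (for instance from a modules-load.d entry), which is worth stating in the patch description. The changed lines are at file scope, and the exit functions that follow them continue past the end of each inner hunk.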