[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security: auto-loading protocol modules



On 2010-11-18, Ben Hutchings <ben@decadent.org.uk> wrote:
>
> --=-ukGC3PFRUIR65dSYwt1Z
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
>
> Unlike device or filesystem modules, most protocol modules may be auto-
> loaded on behalf of local users without any special capabilities.  This
> means that security vulnerabilities in such protocol modules may be
> exploitable by local users even on a system where there is no need for
> the protocol.

What about CAN? It also had one or two privilege escalations in the
past and seems to be used only in special purpose embedded setups.

Cheers,
        Moritz


Reply to: