Re: Security: auto-loading protocol modules



On Sun, 2010-11-21 at 12:33 +0100, Moritz Muehlenhoff wrote:
> On 2010-11-18, Ben Hutchings <ben@decadent.org.uk> wrote:
> >
> > Unlike device or filesystem modules, most protocol modules may be auto-
> > loaded on behalf of local users without any special capabilities.  This
> > means that security vulnerabilities in such protocol modules may be
> > exploitable by local users even on a system where there is no need for
> > the protocol.
> 
> What about CAN? It also had one or two privilege escalations in the
> past and seems to be used only in special purpose embedded setups.

I missed that because it doesn't allow protocol = 0 so my test program
failed to create a socket.  The valid combinations appear to be:

socket(PF_CAN, SOCK_RAW, 1)
socket(PF_CAN, SOCK_DGRAM, 2)

The applications I see for CAN in Debian are:
- Development of automobiles, their components or diagnostic systems
- Reverse-engineering and security research into deployed networks
  (see <http://www.autosec.org/pubs/cars-oakland2010.pdf>)
I would not expect the need to explicitly load the module to be a
problem for these users.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
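
An added example, not part of the message above or of any Debian package: a small Python audit of modprobe.d-style text that reports whether auto-loading of the CAN family is disabled, which is what requiring an explicit module load amounts to. It assumes the kernel's usual alias convention (net-pf-29 for PF_CAN, core module name can), which the message does not state; the sample configuration is constructed.

```python
# Assumption (kernel convention, not stated in the message): socket() on an
# unregistered family makes the kernel run modprobe on the alias
# "net-pf-<family number>". PF_CAN is 29 and its core module is "can".
FAMILIES = {"PF_CAN": ("net-pf-29", "can")}

# Constructed sample of modprobe.d content, not taken from any real system.
SAMPLE_CONF = """\
# local hardening
blacklist net-pf-29
install can /bin/false
"""

def _norm(name):
    # modprobe treats '-' and '_' in module names as equivalent
    return name.replace("-", "_")

def audit_autoload(conf_text, family):
    """Return (status, notes); status is 'blocked' or 'autoloadable'."""
    alias, module = (_norm(n) for n in FAMILIES[family])
    status, notes = "autoloadable", []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2:
            continue
        keyword, target = fields[0], _norm(fields[1])
        if keyword == "install" and target in (alias, module):
            # An install rule runs its command instead of loading the module;
            # only the two usual no-op commands are counted as a block here.
            if len(fields) > 2 and fields[2] in ("/bin/false", "/bin/true"):
                status = "blocked"
                notes.append(f"line {lineno}: install rule replaces the load")
        elif keyword == "blacklist" and target == module:
            # Blacklisting the module makes modprobe ignore its aliases.
            status = "blocked"
            notes.append(f"line {lineno}: module aliases ignored")
        elif keyword == "blacklist" and target == alias:
            # blacklist matches module names, so naming the alias does nothing.
            notes.append(f"line {lineno}: blacklist on an alias has no effect")
    return status, notes

if __name__ == "__main__":
    print(audit_autoload(SAMPLE_CONF, "PF_CAN"))
```

A blocked result only covers the auto-load path; a user with the privilege to run modprobe can still load the module explicitly.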
