On Tue, 2010-11-30 at 10:31 -0800, Kees Cook wrote:
> Hi Andy,
>
> On Tue, Nov 30, 2010 at 02:29:56PM +0000, Andy Whitcroft wrote:
> > At UDS there was some discussion about how we have almost all of the
> > address family support AF_* built as modules. This means that a simple
> > socket(AF_ARCANE_THING, ...) or indeed an incoming packet will trigger
> > loading of these modules and expose us to any security issues in those
> > modules.
> >
> > The UDS discussion suggested that at least blacklisting any uncommon
> > address families might be appropriate; a user requiring this would then
> > simply add the module to /etc/modules to re-enable it. Further discussion
> > on IRC and other places has suggested that some of these address families
> > do not even warrant building at all. For example ECONET supports a
> > network which is very likely not even in existence let alone common on
> > our target hardware.
> >
> > In the face of recent security alerts I am inclined to think that is an
> > entirely reasonable approach and am keen to understand any issues this
> > may cause. How can we progress with this?
>
> Totally agreed. My impulse is to pursue Dan Rosenberg's "do not autoload
> modules" approach:
> https://lkml.org/lkml/2010/11/7/212
>
> But without that, we could also ship a file
> /etc/modprobe.d/blacklist-rarenet.conf that listed all the aliases, which
> is what Debian started doing:

That's not what we've done.

> alias net-pf-19 off
> alias net-pf-21 off
> ...

What we decided to do in Debian for the 'squeeze' release was to remove
these aliases from the modules. An administrator can then re-add the
aliases in a local modprobe config file or add the modules to
/etc/modules. (Or a userland support package may load the module, e.g.
decnet is loaded by dnet-common.)

I've now done this for af_802154, decnet, econet, rds and x25. For
future releases I intend to disable econet and possibly x25. I also
proposed upstream to move decnet, econet and x25 into staging since they
have no regular maintainer, but this was NAK'd.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
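
An added example, not part of the original message or of Debian's packaging: a small Python audit that merges the `net-pf-N` aliases shipped with modules and a local modprobe config, then lists which address families would still autoload on `socket(AF_x, ...)`. The alias text is a constructed sample; the code assumes a local alias overrides the shipped one and that the target `off` disables loading, as in the file quoted in the thread.

```python
import re

# Matches "alias net-pf-<N> <target>" but not "net-pf-<N>-proto-<M>" aliases.
ALIAS_RE = re.compile(r"^\s*alias\s+net-pf-(\d+)\s+(\S+)\s*$")


def parse_aliases(text):
    """Return {family_number: target} for every net-pf-N alias line in text."""
    aliases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = ALIAS_RE.match(line)
        if m:
            aliases[int(m.group(1))] = m.group(2)
    return aliases


def autoloadable_families(module_aliases, local_config):
    """Families for which a socket() call would still resolve to a module.

    Assumption: a local alias overrides the one shipped with the module,
    and the target "off" (as in the quoted blacklist file) disables loading.
    """
    effective = parse_aliases(module_aliases)
    effective.update(parse_aliases(local_config))
    return {pf: mod for pf, mod in sorted(effective.items()) if mod != "off"}


# Constructed sample: aliases as they would appear in modules.alias.
MODULES_ALIAS = """\
alias net-pf-9 x25
alias net-pf-10 ipv6
alias net-pf-12 decnet
alias net-pf-19 econet
alias net-pf-21 rds
alias net-pf-16-proto-12 nfnetlink
"""

# Constructed sample: the blacklist-style lines quoted in the thread,
# plus one family an administrator re-added locally.
LOCAL_CONF = """\
alias net-pf-19 off   # econet
alias net-pf-21 off   # rds
alias net-pf-36 af_802154
"""

if __name__ == "__main__":
    for pf, mod in autoloadable_families(MODULES_ALIAS, LOCAL_CONF).items():
        print(f"net-pf-{pf} -> {mod}")
```

On the sample input, x25 and decnet are still reported as autoloadable, which is the gap a partial alias list leaves and which removing the aliases from the modules themselves closes.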