[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20171021.022737.1906342496133825805.davem@davemloft.net>
Date: Sat, 21 Oct 2017 02:27:37 +0100 (WEST)
From: David Miller <davem@...emloft.net>
To: lucien.xin@...il.com
Cc: netdev@...r.kernel.org, edumazet@...gle.com,
marcelo.leitner@...il.com, sd@...asysnail.net
Subject: Re: [PATCH net 0/2] net: diag: fix a potential security issue
From: Xin Long <lucien.xin@...il.com>
Date: Thu, 19 Oct 2017 15:32:23 +0800
> This patch is to void the potential security issue that the family
> or protocol modules are autoloaded when requesting _diag module by
> not requesting _diag module if the family or protocol is not added
> or registered in sock_diag and inet_diag.
>
> As the repost of the patch '[PATCH net] sock_diag: request _diag
> module only when the family or proto has been registered', this
> patchset fixes the compiling errors when INET is not set, and
> also split into two patches to make it clear to review.
This makes no sense to me.
Any user can just open a socket() in the appropriate protocol
family to cause the module to be loaded.
If someone wants modules to not be loaded, block them using
traditional module loading infrastructure mechanisms. Or
don't load the module at all.
Sorry I am not applying this.
Powered by blists - more mailing lists