[PATCH 1/3] decnet: Move to staging
Recent review has revealed several bugs in obscure protocol implementations that can be exploited by local users for denial of service or privilege escalation. The decnet protocol (PF_DECnet) is unmaintained. Since 2.6.12-rc2 the only changes appear to be adjustments for net API changes and fixes for bugs found by inspection. This protocol generally should not be enabled by distributions, since the cost of a security flaw affecting all installed systems presumably outweighs the benefit to the few (if any) legitimate users. Signed-off-by: Ben Hutchings b...@decadent.org.uk --- drivers/staging/Kconfig |2 ++ net/Kconfig |2 -- net/decnet/Kconfig |3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/staging/Kconfig b/drivers/staging/Kconfig index 5eafdf4..dd94cb2 100644 --- a/drivers/staging/Kconfig +++ b/drivers/staging/Kconfig @@ -175,5 +175,7 @@ source drivers/staging/intel_sst/Kconfig source drivers/staging/speakup/Kconfig +source net/decnet/Kconfig + endif # !STAGING_EXCLUDE_BUILD endif # STAGING diff --git a/net/Kconfig b/net/Kconfig index 55fd82e..9e4fc29 100644 --- a/net/Kconfig +++ b/net/Kconfig @@ -186,7 +186,6 @@ config BRIDGE_NETFILTER source net/netfilter/Kconfig source net/ipv4/netfilter/Kconfig source net/ipv6/netfilter/Kconfig -source net/decnet/netfilter/Kconfig source net/bridge/netfilter/Kconfig endif @@ -201,7 +200,6 @@ source net/802/Kconfig source net/bridge/Kconfig source net/dsa/Kconfig source net/8021q/Kconfig -source net/decnet/Kconfig source net/llc/Kconfig source net/ipx/Kconfig source drivers/net/appletalk/Kconfig diff --git a/net/decnet/Kconfig b/net/decnet/Kconfig index 7914fd6..9d17166 100644 --- a/net/decnet/Kconfig +++ b/net/decnet/Kconfig @@ -41,3 +41,6 @@ config DECNET_ROUTER See file:Documentation/networking/decnet.txt for more information. +if NETFILTER +source net/decnet/netfilter/Kconfig +endif -- 1.7.2.3 -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1290484313.6770.1328.ca...@localhost
Re: [PATCH 1/3] decnet: Move to staging
On Tue, 23 Nov 2010 03:51:53 + Ben Hutchings b...@decadent.org.uk wrote: Recent review has revealed several bugs in obscure protocol implementations that can be exploited by local users for denial of service or privilege escalation. The decnet protocol (PF_DECnet) is unmaintained. Since 2.6.12-rc2 the only changes appear to be adjustments for net API changes and fixes for bugs found by inspection. This protocol generally should not be enabled by distributions, since the cost of a security flaw affecting all installed systems presumably outweighs the benefit to the few (if any) legitimate users. Signed-off-by: Ben Hutchings b...@decadent.org.uk NAK there are still users and stuff does get fixed. If you don't like it then disable it from config. -- -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101122203131.7cbd6...@nehalam
Re: [PATCH 1/3] decnet: Move to staging
From: Stephen Hemminger shemmin...@vyatta.com Date: Mon, 22 Nov 2010 20:31:31 -0800 On Tue, 23 Nov 2010 03:51:53 + Ben Hutchings b...@decadent.org.uk wrote: Recent review has revealed several bugs in obscure protocol implementations that can be exploited by local users for denial of service or privilege escalation. The decnet protocol (PF_DECnet) is unmaintained. Since 2.6.12-rc2 the only changes appear to be adjustments for net API changes and fixes for bugs found by inspection. This protocol generally should not be enabled by distributions, since the cost of a security flaw affecting all installed systems presumably outweighs the benefit to the few (if any) legitimate users. Signed-off-by: Ben Hutchings b...@decadent.org.uk NAK there are still users and stuff does get fixed. If you don't like it then disable it from config. Seriously, I can't even remember a bonifides security flaw in decnet being found recently and in fact the decnet stack is very well written code. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101122.211923.193717252.da...@davemloft.net