Grrr... modprobe.conf
David Woodhouse
dwmw2 at infradead.org
Tue Sep 21 14:33:33 UTC 2010
On Mon, 2010-09-20 at 11:56 +0200, Michał Piotrowski wrote:
> 2010/9/20 Bryn M. Reeves <bmr at redhat.com>:
> > On 09/20/2010 06:43 AM, Ralph Loader wrote:
> >>
> >>> After all these years, something from the fedora repos
> >>> (the only ones I have active in my F14 partition) is still
> >>> creating an (empty) /etc/modprobe.conf file.
> >>
> >> Looks like it's a minor security hole too:
> >
> > Not sure I'd call that minor considering what you can do via entries in
> > that file.
>
> You can blacklist the firewall modules - it can be critical :)
Why on earth would that be critical? The firewall is just a band-aid. If
it does anything useful, your system was broken (or infected) already.
Seriously, if there is *any* case where the lack of firewall would be
'critical', please file a bug for that.
There are *much* more interesting things that someone could do with
arbitrary write access to /etc/modprobe.conf
--
dwmw2
More information about the test
mailing list