Grrr... modprobe.conf
Michał Piotrowski
mkkp4x4 at gmail.com
Tue Sep 21 14:52:08 UTC 2010
W dniu 21 września 2010 16:33 użytkownik David Woodhouse
<dwmw2 at infradead.org> napisał:
> On Mon, 2010-09-20 at 11:56 +0200, Michał Piotrowski wrote:
>> 2010/9/20 Bryn M. Reeves <bmr at redhat.com>:
>> > On 09/20/2010 06:43 AM, Ralph Loader wrote:
>> >>
>> >>> After all these years, something from the fedora repos
>> >>> (the only ones I have active in my F14 partition) is still
>> >>> creating an (empty) /etc/modprobe.conf file.
>> >>
>> >> Looks like it's a minor security hole too:
>> >
>> > Not sure I'd call that minor considering what you can do via entries in
>> > that file.
>>
>> You can blacklist the firewall modules - it can be critical :)
>
> Why on earth would that be critical? The firewall is just a band-aid. If
> it does anything useful, your system was broken (or infected) already.
Real-life situation:
- a few servers with postgres - no authentication - setup for pgpool
- a firewall which blocks access from the outside to postgres
Yes - it's broken setup, but it works with firewall.
>
> Seriously, if there is *any* case where the lack of firewall would be
> 'critical', please file a bug for that.
>
> There are *much* more interesting things that someone could do with
> arbitrary write access to /etc/modprobe.conf
Surely, but I don't have enough cracker imagination to quickly come up
with some good examples :)
>
> --
> dwmw2
>
>
Regards,
Michal
More information about the test
mailing list