Merge pull request #20 from madaidan/patch-15

Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt
2025-05-09 13:34:57 -04:00 · 2019-07-06 11:06:25 +00:00 · 2019-07-06 11:06:25 +00:00 · 649878fdcb
commit 649878fdcb
parent 6df7b3c295 8888147e1e
3 changed files with 4 additions and 3 deletions
--- a/debian/control
+++ b/debian/control
@ -95,7 +95,7 @@ Description: enhances misc security settings
 .
 All mitigations for the MDS vulnerability are enabled.
 .
- DCCP, SCTP, TIPC and RDS are blacklisted as they are rarely used and may have
+ DCCP, SCTP, TIPC, RDS and HDLC are blacklisted as they are rarely used and may have
 unknown vulnerabilities.
 .
 The kernel logs are restricted to root only.
--- a/etc/modprobe.d/blacklist-dma.conf
+++ b/etc/modprobe.d/blacklist-dma.conf
@ -1,3 +1,3 @@
 # Blacklist thunderbolt and firewire to prevent some DMA attacks.
-blacklist firewire-core
-blacklist thunderbolt
+install firewire-core /bin/true
+install thunderbolt /bin/true
--- a/etc/modprobe.d/uncommon-network-protocols.conf
+++ b/etc/modprobe.d/uncommon-network-protocols.conf
@ -3,3 +3,4 @@ install dccp /bin/true
 install sctp /bin/true
 install rds /bin/true
 install tipc /bin/true
+install n-hdlc /bin/true