mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-03-12 09:26:31 -04:00
Disable legacy framebuffer drivers
These were all previously blacklisted for over 2 years.
This commit is contained in:
parent
9f53a0182b
commit
c4965ed838
@ -190,9 +190,6 @@ modules from automatically starting.
|
|||||||
|
|
||||||
- CD-ROM/DVD: Blacklist modules required for CD-ROM/DVD devices.
|
- CD-ROM/DVD: Blacklist modules required for CD-ROM/DVD devices.
|
||||||
|
|
||||||
- Framebuffer Drivers: Blacklisted as they are well-known to be buggy, cause
|
|
||||||
kernel panics, and are generally only used by legacy devices.
|
|
||||||
|
|
||||||
- Miscellaneous: Blacklist an assortment of other modules to prevent them from
|
- Miscellaneous: Blacklist an assortment of other modules to prevent them from
|
||||||
automatically loading.
|
automatically loading.
|
||||||
|
|
||||||
@ -210,6 +207,9 @@ disabling should first be blacklisted for a suitable amount of time.
|
|||||||
|
|
||||||
- FireWire (IEEE 1394): Disabled as they are often vulnerable to DMA attacks.
|
- FireWire (IEEE 1394): Disabled as they are often vulnerable to DMA attacks.
|
||||||
|
|
||||||
|
- Framebuffer Drivers: Disabled as they are well-known to be buggy, cause
|
||||||
|
kernel panics, and are generally only used by legacy devices.
|
||||||
|
|
||||||
- GPS: Disable GPS-related modules such as those required for Global Navigation
|
- GPS: Disable GPS-related modules such as those required for Global Navigation
|
||||||
Satellite Systems (GNSS).
|
Satellite Systems (GNSS).
|
||||||
|
|
||||||
|
@ -21,39 +21,6 @@ blacklist sr_mod
|
|||||||
#install cdrom /usr/bin/disabled-cdrom-by-security-misc
|
#install cdrom /usr/bin/disabled-cdrom-by-security-misc
|
||||||
#install sr_mod /usr/bin/disabled-cdrom-by-security-misc
|
#install sr_mod /usr/bin/disabled-cdrom-by-security-misc
|
||||||
|
|
||||||
## Framebuffer Drivers:
|
|
||||||
##
|
|
||||||
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-framebuffer.conf?h=ubuntu/disco
|
|
||||||
##
|
|
||||||
blacklist aty128fb
|
|
||||||
blacklist atyfb
|
|
||||||
blacklist cirrusfb
|
|
||||||
blacklist cyber2000fb
|
|
||||||
blacklist cyblafb
|
|
||||||
blacklist gx1fb
|
|
||||||
blacklist hgafb
|
|
||||||
blacklist i810fb
|
|
||||||
blacklist intelfb
|
|
||||||
blacklist kyrofb
|
|
||||||
blacklist lxfb
|
|
||||||
blacklist matroxfb_bases
|
|
||||||
blacklist neofb
|
|
||||||
blacklist nvidiafb
|
|
||||||
blacklist pm2fb
|
|
||||||
blacklist radeonfb
|
|
||||||
blacklist rivafb
|
|
||||||
blacklist s1d13xxxfb
|
|
||||||
blacklist savagefb
|
|
||||||
blacklist sisfb
|
|
||||||
blacklist sstfb
|
|
||||||
blacklist tdfxfb
|
|
||||||
blacklist tridentfb
|
|
||||||
blacklist vesafb
|
|
||||||
blacklist vfb
|
|
||||||
blacklist viafb
|
|
||||||
blacklist vt8623fb
|
|
||||||
blacklist udlfb
|
|
||||||
|
|
||||||
## Miscellaneous:
|
## Miscellaneous:
|
||||||
##
|
##
|
||||||
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist.conf?h=ubuntu/disco
|
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist.conf?h=ubuntu/disco
|
||||||
|
@ -70,6 +70,41 @@ install raw1394 /usr/bin/disabled-firewire-by-security-misc
|
|||||||
install sbp2 /usr/bin/disabled-firewire-by-security-misc
|
install sbp2 /usr/bin/disabled-firewire-by-security-misc
|
||||||
install video1394 /usr/bin/disabled-firewire-by-security-misc
|
install video1394 /usr/bin/disabled-firewire-by-security-misc
|
||||||
|
|
||||||
|
## Framebuffer Drivers:
|
||||||
|
## Known to be buggy, cause kernel panics, and are generally only used by legacy devices.
|
||||||
|
## These were all previously blacklisted.
|
||||||
|
##
|
||||||
|
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-framebuffer.conf?h=ubuntu/disco
|
||||||
|
##
|
||||||
|
install aty128fb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install atyfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install cirrusfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install cyber2000fb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install cyblafb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install gx1fb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install hgafb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install i810fb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install intelfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install kyrofb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install lxfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install matroxfb_bases /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install neofb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install nvidiafb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install pm2fb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install radeonfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install rivafb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install s1d13xxxfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install savagefb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install sisfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install sstfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install tdfxfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install tridentfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install vesafb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install vfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install viafb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install vt8623fb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
install udlfb /usr/bin/disabled-framebuffer-by-security-misc
|
||||||
|
|
||||||
## Global Positioning Systems (GPS):
|
## Global Positioning Systems (GPS):
|
||||||
## Disable GPS-related modules like GNSS (Global Navigation Satellite System).
|
## Disable GPS-related modules like GNSS (Global Navigation Satellite System).
|
||||||
##
|
##
|
||||||
|
10
usr/bin/disabled-framebuffer-by-security-misc
Executable file
10
usr/bin/disabled-framebuffer-by-security-misc
Executable file
@ -0,0 +1,10 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
## Copyright (C) 2024 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
||||||
|
## See the file COPYING for copying conditions.
|
||||||
|
|
||||||
|
## Alerts the user that a kernel module failed to load due to it being blacklisted by default.
|
||||||
|
|
||||||
|
echo "$0: ERROR: This framebuffer driver kernel module is disabled by package security-misc by default. See the configuration file /etc/modprobe.d/30_security-misc_disable.conf | args: $@" >&2
|
||||||
|
|
||||||
|
exit 1
|
Loading…
x
Reference in New Issue
Block a user