Blocklist rare network protocols
Originally created by @intrigeri on #6457 (Redmine)
Team: DrWhax, ? (reviewer)
The rose, ax25 etc. kernel modules are automatically loaded in Tails (since we've moved to ferm?). Both Ubuntu and Fedora blacklist these modules as they are of little use to the average user and may contain undiscovered exploitable vulnerabilities (not to mention that some of them have a poor track record when it comes to security).

We should do the same, presumably (short term) by copying their blacklist configuration file.

A better long-term solution would be to see Debian do that by default, or at least ship a package that provides the blacklist file so that users can easily opt in for the additional protection (perhaps this package could even be pulled by task-desktop). Debian's well-known and solidly-grounded reluctance to packages that ship only a small number of configuration files may be an issue, though.
Parent Task: #7639
Related issues
- Related to #12280 (closed)
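
One way to check that a blocklist of this kind actually covers the modules named in the issue, as an added example that is not part of the original issue or of the Tails code. It recognises only `blacklist` and `install MODULE /bin/false|/bin/true` lines; the function names, the sample config file and the extra module `netrom` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a modprobe.d-style directory for modules still loadable.

# is_blocked DIR MODULE: succeeds if DIR/*.conf disables MODULE, either with
#   blacklist MODULE            (stops alias-triggered autoloading only)
#   install MODULE /bin/false   (also makes an explicit modprobe fail)
is_blocked() {
    cat "$1"/*.conf 2>/dev/null | awk -v m="$2" '
        BEGIN { gsub(/-/, "_", m) }            # modprobe treats - and _ alike
        { sub(/#.*/, ""); name = $2; gsub(/-/, "_", name) }
        $1 == "blacklist" && name == m { found = 1 }
        $1 == "install" && name == m && $3 ~ /^\/bin\/(false|true)$/ { found = 1 }
        END { exit !found }'
}

# unblocked_modules DIR MODULE...: prints the modules that no rule disables,
# space-separated on one line (empty line if all are covered).
unblocked_modules() {
    conf_dir=$1; shift
    out=
    for mod in "$@"; do
        is_blocked "$conf_dir" "$mod" || out="${out:+$out }$mod"
    done
    printf '%s\n' "$out"
}

# Demo on a constructed config (not the Ubuntu or Fedora file).
demo_dir=$(mktemp -d)
cat > "$demo_dir/rare-net.conf" <<'EOF'
# constructed sample
blacklist rose
install ax25 /bin/false
EOF
# rose and ax25 are the modules named in the issue; netrom is added here
# to show an uncovered module being reported.
unblocked_modules "$demo_dir" rose ax25 netrom
rm -rf "$demo_dir"
```

On a live system, pass `/etc/modprobe.d` as the directory and the list of protocol modules you expect to be disabled.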