Prevent loading of "foreign" kernel modules
Registered by
Andreas Heinlein
Find a way to prevent loading of "foreign" kernel modules, i.e. from outside the kernel tree or the ubuntu modules package, thus closing an attack vector on a running UPR system.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- Andreas Heinlein
- Definition:
- Approved
- Series goal:
- None
- Implementation:
-
Implemented
- Milestone target:
- None
- Started by
- Andreas Heinlein
- Completed by
- Andreas Heinlein
Related branches
Related bugs
Sprints
Whiteboard
In 9.04, root/sudo rights of the live session user have been cut down as much as possible. It should now be nearly impossible to load additional modules, at least in an automated way.
(?)
