#!/bin/sh # # 2009 Nico Schottelius (nico-linux at schottelius.org) # # This file is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This file is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this file. If not, see . # # Workaround for local root exploit http://lwn.net/Articles/347006/ # # Idea based on data from D-INFK ISG (www.isg.inf.ethz.ch) # string="# workaround for CVE-2009-2692" file="/etc/modprobe.d/aliases" grep "^$string" "$file" >/dev/null || cat << eof >> "$file" $string alias net-pf-10 off alias ipv6 off alias ib_ipoib off alias net-pf-3 off alias net-pf-4 off alias net-pf-5 off alias net-pf-9 off alias net-pf-23 off alias net-pf-24 off alias net-pf-31 off eof echo "You have to reboot your system (press enter to do so)" read rebootme reboot