47 lines
1.3 KiB
Bash
Executable File
47 lines
1.3 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# 2009 Nico Schottelius (nico-linux at schottelius.org)
|
|
#
|
|
# This file is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This file is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
# Workaround for local root exploit http://lwn.net/Articles/347006/
|
|
#
|
|
# Idea based on data from D-INFK ISG (www.isg.inf.ethz.ch)
|
|
#
|
|
|
|
string="# workaround for CVE-2009-2692"
|
|
file="/etc/modprobe.d/aliases"
|
|
|
|
grep "^$string" "$file" >/dev/null || cat << eof >> "$file"
|
|
$string
|
|
alias net-pf-10 off
|
|
alias ipv6 off
|
|
alias ib_ipoib off
|
|
alias net-pf-3 off
|
|
alias net-pf-4 off
|
|
alias net-pf-5 off
|
|
alias net-pf-9 off
|
|
alias net-pf-23 off
|
|
alias net-pf-24 off
|
|
alias net-pf-31 off
|
|
eof
|
|
|
|
echo "You have to reboot your system (press enter to do so)"
|
|
|
|
# reboot directly, if there's -f
|
|
if [ "$1" != "-f" ]; then
|
|
read rebootme
|
|
fi
|
|
reboot
|