Feature #6457

Blocklist rare network protocols

Added by intrigeri 2013-11-29 04:29:26 . Updated 2019-07-07 15:18:07 .

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
0
Affected tool:
Deliverable for:

Description

Team: DrWhax, ? (reviewer)

The rose, ax25 etc. kernel modules are automatically loaded in Tails (since we’ve moved to ferm?). Both Ubuntu and Fedora blacklist these modules as they are of little use to the average user and may contain undiscovered exploitable vulnerabilities (not mentioning some of them have a poor track record when it comes to security).

We should do the same, presumably (short term) by copying their blacklist configuration file.

A better long term solution would be to see Debian do that by default, or at least ship a package that provides the blacklist file so that users can easily opt-in for the additional protection (perhaps this package could even be pulled by task-desktop). Debian’s well-known and solidly-grounded reluctance to packages that ship only a small number of configuration files may be an issue, though.


Subtasks


Related issues

Related to Tails - Bug #12280: Protect against CVE-2017-6074 in Tails 2.11 Resolved 2017-03-03

History

#1 Updated by intrigeri 2014-03-01 20:06:30

I think it was mentioned at the last Debian security team meeting (http://titanpad.com/secteamessen2014) or in their notes (so-called “secure-testing” Git repo on Alioth). So perhaps this can really be done in Debian.

#2 Updated by Dr_Whax 2014-04-14 22:12:31

I have this: https://github.com/DrWhax/FascistFirewall/blob/master/blacklist-rare-network.conf

I guess it would make sense to include a test suite whether I could still send or receive protocols like this and ping the Debian security team once I can proof it doesn’t leak so it can be applied upstream?

Thoughts?

#3 Updated by intrigeri 2014-04-15 10:05:11

Dr_Whax wrote:
> I guess it would make sense to include a test suite whether I could still send or receive protocols like this and ping the Debian security team once I can proof it doesn’t leak so it can be applied upstream?

It might be me being not really awake, but it’s unclear to me:

  • how much sense it makes to test if one can use a protocol when the kernel driver can’t be loaded
  • what upstream we’re talking about: Debian kernel team, Debian security team, upstream Linux, anything else?

#4 Updated by Dr_Whax 2014-04-21 11:23:59

It was probably, I who wasn’t awake. Since i’m still a newcomer to contributing to Debian in general, what would you recommend to me when it comes to upstreaming this? Which team should I contact?

#5 Updated by intrigeri 2014-04-22 08:30:53

  • Description updated

#6 Updated by intrigeri 2014-04-22 08:42:55

Dr_Whax wrote:
> Since i’m still a newcomer to contributing to Debian in general, what would you recommend to me when it comes to upstreaming this? Which team should I contact?

I think the Debian Security team are the best placed people to assert the usefulness of such a change, and to propose an implementation that can be acceptable for the wider project (opt-in? opt-out?). The idea that I drafted in this ticket’s description might be a good start, but I doubt it can work without the security team’s backing.

Still, on the short term, we can simply blacklist these network protocols in Tails only. Then, reporting that we’ve been doing that since N months without any user complain might be useful for pushing the same change into Debian.

#7 Updated by Dr_Whax 2014-04-28 20:08:07

I guess trying it out for a while and reporting to the Debian Security team on what we’ve been doing since N months sounds like a good idea to me.

Is this something we want in Tails 1.0?

#8 Updated by intrigeri 2014-04-28 20:15:25

> Is this something we want in Tails 1.0?

The Tails 1.0 ISO is being tested, and will be released tomorrow, so, no :)

I’d personally be happy to see it in 1.1, as long as it does not eat too much developer time that could be used for 1.1 blockers.

#9 Updated by intrigeri 2014-06-21 14:13:33

  • Assignee set to Dr_Whax
  • QA Check set to Info Needed

@Dr_Whax: do you want to give it a try, e.g. during the HackFest?

#10 Updated by intrigeri 2014-07-21 21:23:57

#11 Updated by Dr_Whax 2014-10-04 04:31:01

Send an e-mail to a security of Debian about this specifically. Hopefully know more soon.

#12 Updated by BitingBird 2015-01-02 16:45:07

Any answers about this ?

#13 Updated by intrigeri 2015-01-07 14:14:17

Dr_Whax wrote:
> Send an e-mail to a security of Debian about this specifically. Hopefully know more soon.

What mailing-list did you email? Can we have a link to your message in the archive?

#14 Updated by Dr_Whax 2015-01-07 14:18:48

This was to a Debian security person directly, I can’t find the e-mail however, he also never replied. I guess I should just open a Debian bug and link it here so we can track the changes.

#15 Updated by BitingBird 2015-01-07 15:42:53

  • QA Check deleted (Info Needed)

#16 Updated by intrigeri 2015-01-11 11:48:49

After discussing it with ioerror, the plan could be:

  1. ask the Debian security team if they need a detailed rationale for each module that Fedora and Ubuntu have been blacklisting by default for ages; if yes, complete our blueprint so it explains, for each module, what it’s useful for, and why these usecases don’t matter much to Debian
  2. possibly add this topic to the next Debian security team meeting agenda (in the secure-testing SVN repo)
  3. if the Debian security team is interested, work with them to find out in which package the blacklist should be shipped (see preliminary research about in on tails-dev@)
  4. work on making our own blacklist bigger

#17 Updated by sajolida 2015-08-14 12:03:35

  • Description updated
  • Target version set to 2016

#18 Updated by Dr_Whax 2016-08-20 13:11:26

  • Target version changed from 2016 to 2017

#19 Updated by anonym 2017-02-23 14:09:38

Tails is affected by CVE-2017-6074 because we haven’t done this yet (specifically blacklist the dccp module). While I like that we want to take an “upstream first” path to this, it seems it’ll be too slow.

I think we quite cheaply can generate a whitelist of which modules in kernel/net to keep (=> remove/blacklist the rest) by looking at what modules are loaded in our history of whisperbacks. Say that COMMAND prints the contents of all whisperbacks (so it could be that COMMAND = cat * if you current directory contains all of them in plaintext files) I’d like the output of:

COMMAND | \
  sed -n '/^===== output of command \/bin\/lsmod =====/{:a;n;/^$/b;p;ba}' | \
  grep -v ^Module | \
  awk '{ print $1 }' | \
  sort | \
  uniq -c

Note: I want uniq -c output so we can see the count. I mean, there’s always the risk that one crazy users loaded e.g. dccp manually before sending a whisperback. :)

Could someone with access to the whisperbacks please run the above command?

Perhaps we should do the same with other trees of kernel modules, like kernel/fs? While exploiting filesystems generally require root privileges, it’s not the case for an attacker with physical access that can insert removable storage media.

Another discussion is blacklisting vs removing modules. Removing seems ultimately safer, and will even save some disk space. The only “advantage” of blacklisting is that the module is there so that power users can enable them again, but I expect our whitelist to be so wide that no one ever will need that.

#20 Updated by intrigeri 2017-02-24 15:26:51

> While I like that we want to take an “upstream first” path to this, it seems it’ll be too slow.

Stretch is frozen and most Debian people are busy stabilizing it, so now is definitely not a good time to propose this kind of changes in Debian. So I’m fine with implementing some custom hack on our side. And the next steps should be clear given our relationship with upstream commitment, so I’ll shut up :)

#21 Updated by intrigeri 2017-03-03 08:21:36

  • related to Bug #12280: Protect against CVE-2017-6074 in Tails 2.11 added

#22 Updated by sajolida 2017-03-04 20:40:16

Here you go!

>From 3918 reports sent since 2014.

The cruft at the beginning all come from reports from 2014.

32 =====
8 -
2 .

2 (++)
1326 [
23 **
68 +
194 ++
146 +++
16 ++++
103

5 0
2 00:00.0
2 00:02.0
2 00:16.0
2 00:19.0
2 00:1a.0
2 00:1b.0
2 00:1c.0
2 00:1c.2
2 00:1c.3
2 00:1d.0
2 00:1f.0
2 00:1f.2
2 00:1f.3
2 01:00.0
2 03:00.0
2 04:00.0
4 1
2 1:
2 2:
2 29.2MB
2 3:
2 33:
2 35.7MB
14 3c59x
2 4
2 4:
2 5:
2 6:
814 6lowpan_iphc
2 7:
2 8:
75 8139cp
76 8139too
71 8250_fintek
2 9:
2 965G,
2 9p
5 9pnet
5 9pnet_virtio
1421 ablk_helper
2330 ac
368 ac97_bus
6 acerhdf
264 acer_wmi
77 acpi_als
1451 acpi_cpufreq
146 acpi_pad
55 acpi_thermal_rel
6 adm1021
5 adt7475
3 aes_generic
126 aes_i586
1277 aesni_intel
1293 aes_x86_64
657 af_alg
2492 ahci
7 aic7xxx
2 airo
1 ak8975
657 algif_skcipher
2 alienware_wmi
6 altera_ci
6 altera_stapl
131 alx
2 amd64_edac_mod
22 amd_freq_sensitivity
2 amdgpu
4 amdkfd
238 ansi_cprng
4 apanel
201 apple_bl
2 appledisplay
88 apple_gmux
203 applesmc
501 appletalk
11 appletouch
2124 arc4
9 asix
90 asus_atk0110
57 asus_laptop
153 asus_nb_wmi
34 asus_wireless
278 asus_wmi
1278 ata_generic
949 ata_piix
688 ath
5 ath10k_core
5 ath10k_pci
199 ath3k
80 ath5k
564 ath9k
602 ath9k_common
40 ath9k_htc
602 ath9k_hw
4 ati_remote
2 atl1
214 atl1c
22 atl1e
1 atl2
3 atmel_mxt_ts
1 au0828
1 au8522_common
1 au8522_decoder
1 au8522_dig
3230 aufs
1195 autofs4
5 avmfritz
501 ax25
15 ax88179_178a
368 b43
51 b44
2499 battery
108 bch
153 bcm5974
405 bcma
13 bcm_phy_lib
10 Begin:
17 binfmt_misc
1159 bluetooth
1 bnep
1 bochs_drm
5 brcmfmac
149 brcmsmac
154 brcmutil
1 bridge
47 broadcom
28 bsd_comp
223 btbcm
15 btcoexist
8 btcx_risc
223 btintel
52 btqca
7 btrfs
189 btrtl
2 btsdio
1 bttv
1123 btusb
2 built-ins

4 BusLogic
3230 button
2 carl9170
2 cat:
302 cbc
1078 ccm
15 ccp
56 cdc_acm
126 cdc_ether
20 cdc_mbim
24 cdc_ncm
51 cdc_wdm
2432 cdrom
2578 cfg80211
11 chromeos_laptop
10 chromeos_pstore
1 cifs
5 compal_laptop
2 Conexant
2 Configuring
1 container
149 cordic
2400 coretemp
2046 cpufreq_powersave
2 cpuid
2083 crc16
1 crc32c
298 crc32c_generic
1776 crc32c_intel
1588 crc32_pclmul
1 crc8
264 crc_ccitt
705 crc_itu_t
2619 crc_t10dif
2547 crct10dif_common
694 crct10dif_generic
1495 crct10dif_pclmul
1717 cryptd
1 cs5345
1078 ctr
1 cx18
1 cx18_alsa
9 cx2341x
8 cx23885
7 cx25840
9 cyapa
2 cyapatp
7 dca
414 dcdbas
2 "Default
261 dell_laptop
12 dell_rbtn
59 dell_smm_hwmon
64 dell_smo8800
236 dell_wmi
5 dell_wmi_aio
2 device
4 Device
2 dib0070
2 dib0090
3 dib3000mc
2 dib7000m
2 dib7000p
2 dib8000
3 dibx000_common
2690 dm_crypt
2792 dm_mod
1 dns_resolver
2 done.

238 drbg
3135 drm
3005 drm_kms_helper
24 dvb_core
3 dvb_usb
3 dvb_usb_af9015
1 dvb_usb_af9035
2 dvb_usb_dib0700
1 dvb_usb_dibusb_common
1 dvb_usb_dibusb_mb
1 dvb_usb_rtl28xxu
5 dvb_usb_v2
44 dw_dmac
47 dw_dmac_core
32 e100
155 e1000
442 e1000e
2 E7221
991 ecb
411 edac_core
231 edac_mce_amd
12 eeepc_laptop
123 eeepc_wmi
159 eeprom_93cx6
528 efi_pstore
25 efivarfs
528 efivars
3006 ehci_hcd
2911 ehci_pci
27 elan_i2c
1 em28xx
1 em28xx_rc
1 em28xx_v4l
12 emu10k1_gp
22 enclosure
62 ene_ir
1 Error
6 Error:
8 [ERROR]
2 /etc/gdm3/Xsession:
3230 evdev
2 ext2
5 ext3
1582 ext4
8 Failed
57 fam15h_power
540 fan
2501 fat
36 fb_sys_fops
1 fc0013
48 ff_memless
1 fintek_cir
677 firewire_core
677 firewire_ohci
3 firewire_sbp2
414 fjes
250 floppy
101 forcedeth
1 FoxyProxy
3 fscache
90 fscrypto
5 ftdi_sio
27 fujitsu_laptop
4 fujitsu_tablet
1758 fuse
108 gameport
14 gdm-session-worker[3329]:
14 gdm-session-worker[3360]:
1871 gf128mul
1039 ghash_clmulni_intel
6 glibtop:
1300 glue_helper
13 gma500_gfx
3 GNOME_KEYRING_CONTROL=/tmp/keyring-a5o6AM

3 GNOME_KEYRING_CONTROL=/tmp/keyring-hmGFKh

1 GNOME_KEYRING_PID=4871

1 GNOME_KEYRING_PID=4915

5 (gnome-power-manager:3316):
5 (gnome-power-manager:3347):
34 gpg:
4 grep:
11 gspca_main
1 gspca_ov519
1 gspca_ov534
1 gspca_pac207
1 gspca_sn9c20x
3 gspca_sonixj
1 gspca_spca561
3 gspca_zc3xx
52 hci_uart
2 HDA
10 hfsplus
2217 hid
3 hid_a4tech
192 hid_apple
112 hid_appleir
3 hid_cherry
1 hid_chicony
3 hid_dr
1989 hid_generic
1 hid_holtek_mouse
1 hid_hyperv
2 hid_lenovo
28 hid_logitech
151 hid_logitech_dj
17 hid_logitech_hidpp
22 hid_microsoft
150 hid_multitouch
1 hid_ntrig
1 hid_pl
1 hid_plantronics
12 hid_rmi
6 hid_roccat
1 hid_roccat_arvo
6 hid_roccat_common
1 hid_roccat_isku
1 hid_roccat_koneplus
2 hid_roccat_konepure
1 hid_roccat_ryos
28 hid_sensor_accel_3d
22 hid_sensor_als
28 hid_sensor_gyro_3d
30 hid_sensor_hub
28 hid_sensor_iio_common
26 hid_sensor_incl_3d
27 hid_sensor_magn_3d
26 hid_sensor_rotation
28 hid_sensor_trigger
2 hid_sony
239 hmac
176 hp_accel
123 hp_wireless
347 hp_wmi
4 huawei_cdc_ncm
1 hv_balloon
1 hv_netvsc
1 hv_storvsc
1 hv_utils
1 hv_vmbus
5 hwmon_vid
1 hyperv_fb
1 hyperv_keyboard
14 i2400m
14 i2400m_usb
2920 i2c_algo_bit
1 i2c_ali1535
1 i2c_ali15x3
2737 i2c_core
239 i2c_designware_core
11 i2c_designware_pci
239 i2c_designware_platform
238 i2c_hid
2131 i2c_i801
4 i2c_isch
3 i2c_mux
114 i2c_nforce2
672 i2c_piix4
5 i2c_sis630
115 i2c_smbus
17 i2c_viapro
1 i5000_edac
2 i5400_edac
6 i5500_temp
3 i5k_amb
57 i7core_edac
2 i810-dc100,
1772 i915
1 (iceweasel:5355):
121 ideapad_laptop
2 ide_core
2 ide_generic
38 idma64
90 ie31200_edac
2 If
4 igb
117 industrialio
29 industrialio_triggered_buffer
4 [INFO]
2 Initializing
450 input_polldev
55 int3400_thermal
17 int3402_thermal
87 int3403_thermal
55 int340x_thermal_zone
7 intel_cstate
141 intel_ips
47 intel_lpss
47 intel_lpss_acpi
38 intel_lpss_pci
46 intel_pch_thermal
1341 intel_powerclamp
1128 intel_rapl
8 intel_rapl_perf
29 intel_rst
88 intel_smartconnect
59 intel_soc_dts_iosf
2 intel_soc_dts_thermal
7 intel_uncore
1 inv_mpu6050
1 inv_mpu6050_i2c
3 ioatdma
49 iosf_mbi
3230 ip6table_filter
3230 ip6_tables
7 ip6t_LOG
3230 ip6t_REJECT
3 ipheth
3230 iptable_filter
3230 iptable_nat
3230 ip_tables
7 ipt_LOG
6 ipt_MASQUERADE
9 ipt_REDIRECT
3230 ipt_REJECT
6 ipw2100
48 ipw2200
501 ipx
111 irda
41 ir_jvc_decoder
45 ir_lirc_codec
41 ir_mce_kbd_decoder
41 ir_nec_decoder
386 irqbypass
41 ir_rc5_decoder
41 ir_rc6_decoder
41 ir_sanyo_decoder
35 ir_sharp_decoder
41 ir_sony_decoder
9 isight_firmware
3 isl29018
901 isofs
1971 iTCO_vendor_support
1971 iTCO_wdt
21 ite_cir
104 iwl3945
32 iwl4965
368 iwldvm
136 iwlegacy
192 iwlmvm
562 iwlwifi
5 jbd
1585 jbd2
62 jmb38x_ms
14 jme
958 joydev
341 k10temp
85 k8temp
106 kfifo_buf
2313 kvm
258 kvm_amd
1444 kvm_intel
59 lib80211
6 lib80211_crypt_ccmp
7 lib80211_crypt_tkip
2 lib80211_crypt_wep
2492 libahci
3205 libata
1 libcrc32c
54 libipw
4 libnvdimm
370 libphy
6 librdf
4 libsas
2 line6usb
45 lirc_dev
176 lis3lv02d
2 live-config:
501 llc
4 lm90
4 localuser:tails-upgrade-frontend
3230 loop
3229 lp
2282 lpc_ich
4 lpc_sch
1421 lrw
1 m88ds3103
2116 mac80211
1591 mbcache
5 mceusb
1 mct_u232
1 md4
131 mdio
1621 media
1 megaraid_sas
75 mei
75 mei_me
677 memstick
2199 mfd_core
10 michael_mic
103 microcode
1522 mii
5 mISDN_core
5 mISDNipac
102 mmc_block
1374 mmc_core
109 mperf
48 mptbase
2 mptsas
48 mptscsih
46 mptspi
1 msi_laptop
40 msi_wmi
1 mt2060
6 mt2131
1 mt7601u
122 mtd
1 mtd_blkdevs
1 mtdblock
4 mvsas
9 mwifiex
7 mwifiex_pcie
2 mwifiex_usb
1 mxl5005s
931 mxm_wmi
121 nand
108 nand_bch
121 nand_ecc
121 nand_ids
2 nautilus-wipe-Message:
501 netrom
3 nfc
3230 nf_conntrack
6 nf_conntrack_ftp
6 nf_conntrack_h323
3230 nf_conntrack_ipv4
2013 nf_conntrack_ipv6
6 nf_conntrack_irc
6 nf_conntrack_pptp
6 nf_conntrack_proto_gre
6 nf_conntrack_sip
6 nf_conntrack_tftp
3230 nf_defrag_ipv4
2013 nf_defrag_ipv6
4 nfit
489 nf_log_common
489 nf_log_ipv4
489 nf_log_ipv6
3230 nf_nat
6 nf_nat_ftp
6 nf_nat_h323
3221 nf_nat_ipv4
6 nf_nat_irc
6 nf_nat_pptp
6 nf_nat_proto_gre
489 nf_nat_redirect
6 nf_nat_sip
6 nf_nat_tftp
4 nfnetlink
4 nfnetlink_log
1 nfnetlink_queue
489 nf_reject_ipv4
489 nf_reject_ipv6
312 nls_ascii
2501 nls_cp437
2974 nls_utf8
839 nouveau
22 ns558
18 nsc_ircc
128 ntfs
35 nuvoton_cir
11 nvme
10 nvme_core
195 nvram
28 nv_tco
2 of_i2c
682 ohci_hcd
664 ohci_pci
35 option
1 orinoco
1 orinoco_cs
1 overlay
501 p8022
501 p8023
3 panasonic_laptop
3230 parport
3229 parport_pc
1 parport_serial
1 pata_ali
74 pata_amd
152 pata_atiixp
1 pata_it8213
1 pata_it821x
47 pata_jmicron
21 pata_marvell
7 pata_pcmcia
5 pata_pdc2027x
4 pata_sch
10 pata_sil680
22 pata_sis
30 pata_via
1 pci_hotplug
622 pcmcia
622 pcmcia_core
270 pcmcia_rsrc
84 pcnet32
2 pcspkr
1 phram
5 pl2303
3 pn533
1 pn533_usb
7 (polkit-gnome-authentication-agent-1:3317):
7 (polkit-gnome-authentication-agent-1:3348):
2 (polkit-gnome-authentication-agent-1:4979):
2 (polkit-gnome-authentication-agent-1:4982):
79 powernow_k8
4 power_supply
3229 ppdev
28 ppp_async
28 ppp_deflate
33 ppp_generic
4 pppoe
4 pppox
772 pps_core
2898 processor
54 processor_thermal_device
2741 psmouse
501 psnap
772 ptp
35 pvpanic
1 pwc
25 qcserial
6 qmi_wwan
1 qxl
138 r592
8 r8152
1133 r8169
2 r8187se
2 r8188eu
1 r8192ee
5 r8192e_pci
121 r852
27 r8712u
629 radeon
7 raid6_pq
143 rc_core
2 rc_dib0700_rc5
1 rc_hauppauge
4 rc_medion_x10_or2x
43 rc_rc6_mce
99 regmap_i2c
1 reiserfs
6 release
2 Release
2 resolv-conf
1 rfcomm
2727 rfkill
39 rndis_host
7 rndis_wlan
702 rng_core
501 rose
127 rt2800lib
85 rt2800mmio
96 rt2800pci
32 rt2800usb
145 rt2x00lib
110 rt2x00mmio
111 rt2x00pci
35 rt2x00usb
15 rt61pci
3 rt73usb
1 rtl2830
1 rtl2832
1 rtl2832_sdr
1 rtl8180
42 rtl8187
30 rtl8188ee
3 rtl818x_pci
103 rtl8192c_common
78 rtl8192ce
25 rtl8192cu
28 rtl8192se
11 rtl8723ae
15 rtl8723be
22 rtl8723_common
5 rtllib
2 rtllib_crypt_ccmp
2 rtllib_crypt_tkip
161 rtl_pci
25 rtl_usb
186 rtlwifi
34 rts5139
4 rts5208
351 rtsx_pci
347 rtsx_pci_ms
347 rtsx_pci_sdmmc
130 rtsx_usb
130 rtsx_usb_ms
130 rtsx_usb_sdmmc
7 s5h1409
1 s5h1411
1 saa7115
6 saa7134
6 saa7134_alsa
4 saa7134_dvb
2 saa7164
38 samsung_laptop
4 Sandybridge,
50 sata_nv
4 sata_promise
15 sata_sil
5 sata_sil24
16 sata_sis
1 sata_uli
7 sata_via
5 sb_edac
161 sbs
161 sbshc
3229 scsi_mod
9 scsi_transport_sas
53 scsi_transport_spi
792 sdhci
206 sdhci_acpi
603 sdhci_pci
3070 sd_mod
2877 serio_raw
19 serpent_avx2
21 serpent_avx_x86_64
27 serpent_generic
2 serpent_sse2_i586
25 serpent_sse2_x86_64
22 ses
3128 sg
435 sha256_generic
279 sha256_ssse3
1337 shpchp
1 sierra
1 sil164
1 sis
7 sis190
5 sis900
1 sisfb
13 skge
144 sky2
33 slhc
121 sm_common
3205 snd
368 snd_ac97_codec
10 snd_ak4113
10 snd_ak4114
11 snd_ak4xxx_adda
8 snd_atiixp
7 snd_atiixp_modem
2 snd_ca0106
17 snd_cmipci
157 snd_compress
4 snd_cs4236
1 snd_cs8427
9 snd_ctxfi
13 snd_emu10k1
6 snd_emu10k1_synth
6 snd_emux_synth
1 snd_ens1370
56 snd_ens1371
2848 snd_hda_codec
139 snd_hda_codec_analog
1 snd_hda_codec_ca0110
15 snd_hda_codec_ca0132
171 snd_hda_codec_cirrus
287 snd_hda_codec_conexant
2475 snd_hda_codec_generic
1977 snd_hda_codec_hdmi
386 snd_hda_codec_idt
1663 snd_hda_codec_realtek
49 snd_hda_codec_si3054
86 snd_hda_codec_via
1787 snd_hda_controller
431 snd_hda_core
27 snd_hda_ext_core
2848 snd_hda_intel
2869 snd_hwdep
11 snd_i2c
1 snd_ice1712
10 snd_ice1724
11 snd_ice17xx_ak4xxx
271 snd_intel8x0
72 snd_intel8x0m
15 snd_intel_sst_acpi
15 snd_intel_sst_core
6 snd_mpu401
47 snd_mpu401_uart
21 snd_opl3_lib
4 snd_oxygen_lib
404 snd_page_alloc
3205 snd_pcm
10 snd_pt2258
279 snd_rawmidi
2020 snd_seq
2107 snd_seq_device
192 snd_seq_midi
6 snd_seq_midi_emul
192 snd_seq_midi_event
6 snd_seq_virmidi
157 snd_soc_core
11 snd_soc_max98090
113 snd_soc_rl6231
2 snd_soc_rl6347a
2 snd_soc_rt286
113 snd_soc_rt5640
1 snd_soc_rt5645
27 snd_soc_skl
27 snd_soc_skl_ipc
6 snd_soc_ssm4567
152 snd_soc_sst_acpi
2 snd_soc_sst_broadwell
5 snd_soc_sst_byt_max98090_mach
29 snd_soc_sst_dsp
2 snd_soc_sst_firmware
2 snd_soc_sst_haswell_pcm
29 snd_soc_sst_ipc
70 snd_soc_sst_match
15 snd_soc_sst_mfld_platform
3205 snd_timer
1 snd_trident
153 snd_usb_audio
2 snd_usb_caiaq
153 snd_usbmidi_lib
14 snd_util_mem
6 snd_via82xx
4 snd_via82xx_modem
4 snd_virtuoso
1 snd_vx_lib
1 snd_vxpocket
4 snd_wavefront
4 snd_wss_lib
26 soc_button_array
56 sony_laptop
3205 soundcore
252 sp5100_tco
1548 sparse_keymap
3230 squashfs
2432 sr_mod
401 ssb
3 SSH_AUTH_SOCK=/tmp/keyring-a5o6AM/ssh

3 SSH_AUTH_SOCK=/tmp/keyring-hmGFKh/ssh

10 stkwebcam
1 stp
1 surfacepro3_button
36 syscopyarea
36 sysfillrect
36 sysimgblt
2 TAILS_MACSPOOF_ENABLED=false
2 TAILS_NETCONF=direct

4 tda1004x
8 tda18271
4 tda827x
11 tda8290
1 tda9887
328 tg3
2 The
2025 thermal
2740 thermal_sys
195 thinkpad_acpi
17 thunderbolt
58 tifm_7xx1
58 tifm_core
19 tifm_sd
2 to
143 toshiba_acpi
167 toshiba_bluetooth
14 toshiba_haps
1663 tpm
404 tpm_bios
50 tpm_crb
343 tpm_infineon
1647 tpm_tis
145 tpm_tis_core
1596 ttm
1 tun
12 tuner
1 tuner_simple
1 tuner_types
1 tuner_xc2028
20 tveeprom
2 twofish_avx_x86_64
10 twofish_common
10 twofish_generic
4 twofish_i586
6 twofish_x86_64
6 twofish_x86_64_3way
442 uas
19 udf
1 ufs
1091 uhci_hcd
57 uinput
2 umount:
2 ums_cypress
3 ums_eneub6250
193 ums_realtek
3219 usb_common
3219 usbcore
2170 usbhid
94 usblp
179 usbnet
72 usbserial
2838 usb_storage
1 usbtest
1 usbtouchscreen
60 usb_wwan
2 user-setup
2 Using
2 /usr/share/fonts/X11/100dpi,

2 /usr/share/fonts/X11/100dpi/:unscaled,

2 /usr/share/fonts/X11/75dpi,

2 /usr/share/fonts/X11/75dpi/:unscaled,

2 /usr/share/fonts/X11/misc,

2 /usr/share/fonts/X11/Type1,

1582 uvcvideo
1049 v4l2_common
118 vboxguest
118 vboxsf
117 vboxvideo
2501 vfat
11 via686a
2 via_rhine
2880 video
1587 videobuf2_core
7 videobuf2_dma_sg
5 videobuf2_dvb
1587 videobuf2_memops
228 videobuf2_v4l2
1580 videobuf2_vmalloc
10 videobuf_core
8 videobuf_dma_sg
7 videobuf_dvb
2 videobuf_vmalloc
1621 videodev
38 virt_dma
67 virtio
64 virtio_balloon
5 virtio_blk
57 virtio_console
1 virtio_gpu
57 virtio_net
67 virtio_pci
67 virtio_ring
8 virtio_rng
3 virtio_scsi
51 vmw_balloon
59 vmwgfx
51 vmw_vmci
9 wacom
4 [WARNING]
14 wimax
12 Window
3 wistron_btns
2218 wmi
2 (WW)
25 x38_edac
1171 x86_pkg_temp_thermal
1 xc5000
1 xen_blkfront
1 xen_netfront
1 xfs
1294 xhci_hcd
244 xhci_pci
7 xor
2 X.Org
16 xpad
3230 x_tables
1195 xt_conntrack
3221 xt_LOG
3228 xt_multiport
3230 xt_owner
3221 xt_REDIRECT
716 xts
2035 xt_state
3230 xt_tcpudp
270 yenta_socket
2 zd1211rw
1 zlib_deflate

#23 Updated by Anonymous 2017-06-30 08:34:33

  • Assignee changed from Dr_Whax to anonym

The information that anonym asked for was provided.
The target version 2017 indicates that this ticket was on our roadmap for this year.
So, foundations team, please tell us what information is still missing, and who you expect it from.
Thanks!

#24 Updated by intrigeri 2017-06-30 09:52:58

  • Assignee changed from anonym to Dr_Whax

u wrote:
> So, foundations team, please tell us what information is still missing, and who you expect it from.

As the ticket description says, Dr_Whax is the person who committed to make this happen. The Foundations Team doesn’t have anything to do about it (yet).

#25 Updated by BitingBird 2017-08-28 20:15:11

  • Target version deleted (2017)

#26 Updated by Anonymous 2018-08-18 13:28:50

DrWhax: are you still interested in making this happen? If not please unassign yourself.

#27 Updated by mercedes508 2018-08-23 06:33:29

  • Subject changed from Blacklist rare network protocols to Blocklist rare network protocols

#28 Updated by Dr_Whax 2019-07-07 15:18:07

  • Assignee deleted (Dr_Whax)