On Wed, Mar 12, 2014 at 10:15:00AM +0100, Pablo Neira Ayuso wrote:
> > 7/9:
> > whole nft_expr_autoload() looks scary from security point of view.
> > If I'm reading it correctly, the code will do request_module() based on
> > userspace request to attach filter?
>
> Only root can invoke that code so far.

Oops, this is obviously wrong. This request_module part needs a fix
indeed for the non-root part.