On 08/07/12 11:09, Laurie Mercer wrote:
>
> However, the other entries in this file are not in this format, rather
> they use 'alias XXX off' format, e.g. rds is 'alias net-pf-21 off'. I
> cannot see where the mapping between rds and net-pf-21 is, and according
> to the man pages alias simply gives an alternative name for a module. So
> I am a little confused.
>

net-pf-21 is the alias internal to the module. The modules themselves have the ability to add aliases. You can use the modinfo tool to see this.

An alias directive will be processed and overwrite any attempt to load module X. In that for "alias X Y", "modprobe X" becomes "modprobe Y" and X is then never loaded. However if X is an alias then its target would still be available. I don't know if aliases are done recursively, given "alias Z X" would X or Y be loaded for "modprobe Z"?

P.S. Your assessment about blacklist seems to be correct, udev calls modprobe with the necessary '-b' option to enable processing of the blacklist. The kernel's invocation of modprobe, see /proc/sys/kernel/modprobe, would not.

Bottom line if you want it never in your kernel for security then install is the directive you should use. You should list the module's name not any of its aliases and the aliases will get caught up in your install directive.

>
> --
> Laurie Mercer
> _________________________
> lsmer...@gmail.com
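Added example, not part of the original message: a small audit that reads modprobe.d-style text and reports which entries rely only on `blacklist` or `alias ... off` rather than an `install` directive, following the distinction drawn in the reply above. The sample configuration is constructed, the function names are hypothetical, and treating `/bin/false` or `/bin/true` as the install command is an assumed convention, not something stated in the thread.

```shell
#!/bin/sh
# Constructed sample input. Only "alias net-pf-21 off" is taken from the thread.
SAMPLE_CONF='# constructed sample, not a real system file
alias net-pf-21 off
blacklist dccp
install rds /bin/false
blacklist rds'

# Read modprobe.d-style text on stdin and print "<name> <how-disabled>".
#   install        : install directive that replaces loading with a no-op command
#   blacklist-only : per the reply, honoured only when modprobe is run with -b
#   alias-off      : only the alias is redirected, not the module name itself
audit_modprobe_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        $1 == "install" && ($3 == "/bin/false" || $3 == "/bin/true") {
            state[$2] = "install"; next           # strongest form always wins
        }
        $1 == "blacklist" && NF >= 2 {
            if (state[$2] != "install") state[$2] = "blacklist-only"
            next
        }
        $1 == "alias" && $3 == "off" {
            if (!($2 in state)) state[$2] = "alias-off"
        }
        END { for (m in state) print m, state[m] }
    ' | LC_ALL=C sort
}

# Entries that are not covered by an install directive.
weak_entries() {
    audit_modprobe_conf | awk '$2 != "install"'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | weak_entries
```

To check a real system, feed it the concatenated contents of the modprobe configuration directory instead of the sample variable.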