Description of problem: The realtime kernel has no need to support the AppleTalk protocol stack. Turn off CONFIG_DEV_APPLETALK in all rt kernel variants.
disabled CONFIG_DEV_APPLETALK and CONFIG_ATALK on kernel v1 (-134)
How about the ipddp module? Since we are turning off AppleTalk in -rt, we might as well turn off AppleTalk-IP too. Related to CVE-2009-2903.
I understand that disabling the module we also disabled the use of the code in net/appletalk/ddp.c. Please, let me know if I'm wrong.
(In reply to comment #3) > I understand that disabling the module we also disabled the use of the code in > net/appletalk/ddp.c. Please, let me know if I'm wrong. I believe so too.
Verified against kernel-rt-2.6.24.7-136 ** 2.6.24.7-132 [root@ibm-e326m ~]# grep TALK /boot/config-2.6.24.7-132.el5rt CONFIG_ATALK=m CONFIG_DEV_APPLETALK=m [root@ibm-e326m ~]# modprobe -v appletalk insmod /lib/modules/2.6.24.7-132.el5rt/kernel/net/appletalk/appletalk.ko [root@ibm-e326m ~]# lsmod | grep appletalk appletalk 41872 0 [root@ibm-e326m ~]# modprobe -rv appletalk rmmod /lib/modules/2.6.24.7-132.el5rt/kernel/net/appletalk/appletalk.ko [root@ibm-e326m ~]# ** 2.6.24.7-136 [root@hp-dl585g2-01 ~]# grep TALK /boot/config-2.6.24.7-136.el5rt # CONFIG_ATALK is not set [root@hp-dl585g2-01 ~]# modprobe -v appletalk FATAL: Module appletalk not found. [root@hp-dl585g2-01 ~]#
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1540.html