tech-kern archive


Re: kernel module loading vs securelevel



On Sat, 16 Oct 2010, Izumi Tsutsui wrote:

>> autoload/autounload does NOT perform any authorization checks - please
>> look at the code!  No checking of securelevel occurs, as far as I can
>> see.  For autoload, the module name must not contain a '/', so if the
>> module is being loaded from the file system it must be loaded from the
>> "blessed" /stand/${ARCH}/${VERSION}/modules directory.  Including the
>> INSECURE option will have no effect on autoloading of modules.
>
> Hmm.
>
> I built MODULAR kernels on news68k and sun3 (which didn't have INSECURE)
> but I couldn't use TMPFS or execute a.out binaries on multiuser
> though they worked after shutdown(8) or on single user.
>
> The code doesn't work as intended and we should just fix it?

Hmmm. Maybe I am reading the code wrong. But the intent of the code seems to be quite clear. The manual load explicitly calls kauth_...() while the auto-load path does not make any such call.

Perhaps there is an additional authorization call in kobj_load_vfs() (which does the actual loading). A quick grep of subr_kobj*.c for kauth_ does not reveal anything obvious.

Could you rerun your testing after setting sysctl kern.module.verbose? This should provide extra kernel debug printf() messages...



-------------------------------------------------------------------------
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |                          | pgoyette at netbsd.org  |
-------------------------------------------------------------------------

