tech-kern archive
Re: kernel module loading vs securelevel
On Sat, 16 Oct 2010, David Holland wrote:

> And also make the "blessed" directory itself immutable? :)

As I recall the semantics of immutable are such that this isn't
necessary to protect modules that are present at boot time (that is,
they can't be unlinked/renamed/etc.), and if there are autoloadable
modules whose names aren't present at boot time, they'll fail the
check.

I've already misread the code here once, but...

As far as I can tell, each time a module_autoload call is made, if the
module is neither built-in nor passed in by the boot loader, the code
will attempt to load it via a call to kobj_load_vfs() which has path as
an argument. It doesn't appear to me that there is any pre-approved
list of acceptable objects that can be loaded from the file system.

BTW, does the immutable flag prevent one from using an immutable
directory as the mount-point for some other file system? Hmmm...

-------------------------------------------------------------------------
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer | | pgoyette at netbsd.org |
-------------------------------------------------------------------------