Re: kernel module loading vs securelevel

[Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>]

> } > I'm just asking if "options INSECURE is mandaory to use autoloading,"
> } > not module/autoloading is secure/silly/boo or not.
> } 
> } No.  As far as I can tell, there's a bug in the relevant kauth listener,
> } at least in terms of the original intent of the author of the autoloading
> } code; the system scope kauth listener should return DEFER, not DENY.
> 
>      module_listener_cb() was added to kern_module.c in revision 1.51
> by elad.  The kauth_authorize_system() calls were added to
> kern_module.c by ad, but the respective commit log messages doesn't say
> anything about them, so the original intent of the author of the
> autoloading code (ad) is unclear.

The following patch makes autoload works even on securelevel > 0,
but I'm not sure if it's correct and acceptable.
If not, options INSECURE is the only way to enable it..

Index: secmodel/securelevel/secmodel_securelevel.c
===================================================================
RCS file: /cvsroot/src/sys/secmodel/securelevel/secmodel_securelevel.c,v
retrieving revision 1.20
diff -u -p -r1.20 secmodel_securelevel.c
--- secmodel/securelevel/secmodel_securelevel.c 7 Oct 2009 01:06:57 -0000       
1.20
+++ secmodel/securelevel/secmodel_securelevel.c 16 Oct 2010 22:15:11 -0000
@@ -254,7 +254,7 @@ secmodel_securelevel_system_cb(kauth_cre
                break;
 
        case KAUTH_SYSTEM_MODULE:
-               if (securelevel > 0)
+               if ((uintptr_t)arg2 == 0 && securelevel > 0)
                        result = KAUTH_RESULT_DENY;
                break;
 

---
Izumi Tsutsui