From mboxrd@z Thu Jan 1 00:00:00 1970
From: Rusty Russell
In-Reply-To: <1492640420-27345-3-git-send-email-tixxdz@gmail.com>
References: <1492640420-27345-1-git-send-email-tixxdz@gmail.com> <1492640420-27345-3-git-send-email-tixxdz@gmail.com>
Date: Mon, 24 Apr 2017 13:59:48 +0930
Message-ID: <87r30ifmwz.fsf@rustcorp.com.au>
MIME-Version: 1.0
Content-Type: text/plain
Subject: [kernel-hardening] Re: [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
To: Djalal Harouni, Linux Kernel Mailing List, Andy Lutomirski, Kees Cook, Andrew Morton, serge@hallyn.com, kernel-hardening@lists.openwall.com, linux-security-module@vger.kernel.org
Cc: Linux API, Dongsu Park, Casey Schaufler, James Morris, Paul Moore, Tetsuo Handa, Greg Kroah-Hartman, Jonathan Corbet, Jessica Yu, Arnaldo Carvalho de Melo, Mauro Carvalho Chehab, Ingo Molnar, zendyani@gmail.com, Peter Zijlstra
List-ID:

Djalal Harouni writes:
> When value is (1), task must have CAP_SYS_MODULE to be able to trigger a
> module auto-load operation, or CAP_NET_ADMIN for modules with a
> 'netdev-%s' alias.

Sorry, the magic 'netdev-' prefix is a crawling horror.

To do this properly, you need to hand the capability (if any) from the
request_module() call.  Probably by adding a new request_module_cap and
making request_module() call that, then fixing up the callers.

Cheers,
Rusty.
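The request_module_cap() design Rusty sketches above, as an added example that is not code from the patch series, from Rusty, or from the kernel: a small userspace model in C that puts the 'netdev-' prefix heuristic beside the form where the caller hands over the governing capability and request_module() becomes a wrapper around it. The task struct, the capability bitmask, the 0/1 modules_autoload knob, the CAP_NONE sentinel and the choice of CAP_NET_ADMIN for the "net-pf-%d" socket-family alias are assumptions made for this example, not anything the thread settles.

```c
/* Added example (not the patch's or the kernel's code): userspace model of
 * request_module_cap() beside the "netdev-" prefix heuristic it would replace.
 * Capability numbers, the task struct and the per-task knob are stand-ins. */
#include <errno.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CAP_NET_ADMIN   12   /* numbers as in include/uapi/linux/capability.h */
#define CAP_SYS_MODULE  16
#define CAP_NONE        (-1) /* assumption: nothing short of CAP_SYS_MODULE qualifies */

struct task {
    const char *comm;
    unsigned long long cap_effective; /* bitmask indexed by CAP_* number */
    int modules_autoload;             /* 0: anyone may trigger autoload, 1: a capability is required */
};

static bool task_capable(const struct task *t, int cap)
{
    return cap >= 0 && (t->cap_effective & (1ULL << cap)) != 0;
}

/* Prefix heuristic: the autoload path guesses the governing capability from
 * the alias string.  A network request using any other alias form is denied,
 * and any caller earns CAP_NET_ADMIN treatment just by picking a "netdev-" name. */
static int may_autoload_by_prefix(const struct task *t, const char *alias)
{
    if (t->modules_autoload == 0 || task_capable(t, CAP_SYS_MODULE))
        return 0;
    if (strncmp(alias, "netdev-", 7) == 0 && task_capable(t, CAP_NET_ADMIN))
        return 0;
    return -EPERM;
}

/* Explicit form: the caller, which knows what it is loading, names the
 * capability that governs the request.  CAP_SYS_MODULE always suffices. */
static int vrequest_module_cap(const struct task *t, int cap, const char *fmt, va_list ap)
{
    char alias[64];

    vsnprintf(alias, sizeof alias, fmt, ap);
    if (t->modules_autoload != 0 &&
        !task_capable(t, CAP_SYS_MODULE) &&
        !task_capable(t, cap))
        return -EPERM;
    /* A real implementation would hand the alias to the usermode helper here. */
    printf("%s: autoload of '%s' permitted\n", t->comm, alias);
    return 0;
}

static int request_module_cap(const struct task *t, int cap, const char *fmt, ...)
{
    va_list ap;
    int ret;

    va_start(ap, fmt);
    ret = vrequest_module_cap(t, cap, fmt, ap);
    va_end(ap);
    return ret;
}

/* request_module() keeps its signature and passes CAP_NONE, so every caller
 * not yet converted falls back to the strict rule rather than to a guess. */
static int request_module(const struct task *t, const char *fmt, ...)
{
    va_list ap;
    int ret;

    va_start(ap, fmt);
    ret = vrequest_module_cap(t, CAP_NONE, fmt, ap);
    va_end(ap);
    return ret;
}

/* Constructed tasks for the demonstration. */
static const struct task net_admin_task  = { "netadmin", 1ULL << CAP_NET_ADMIN,  1 };
static const struct task sys_module_task = { "modload",  1ULL << CAP_SYS_MODULE, 1 };
static const struct task plain_task      = { "plain",    0,                      1 };
static const struct task unrestricted    = { "legacy",   0,                      0 };

int main(void)
{
    /* socket(AF_INET6, ...) autoloads via "net-pf-10": network-related, yet the
     * prefix heuristic denies it; the converted caller can pass CAP_NET_ADMIN. */
    printf("prefix check, net-pf-10: %d\n", may_autoload_by_prefix(&net_admin_task, "net-pf-10"));
    request_module_cap(&net_admin_task, CAP_NET_ADMIN, "net-pf-%d", 10);
    /* Under the prefix scheme any "netdev-" alias opens the door to CAP_NET_ADMIN;
     * under the explicit scheme an unconverted caller gets no such shortcut. */
    printf("prefix check, netdev-foo: %d\n", may_autoload_by_prefix(&net_admin_task, "netdev-foo"));
    printf("unconverted caller, netdev-foo: %d\n", request_module(&net_admin_task, "netdev-%s", "foo"));
    printf("plain task: %d\n", request_module_cap(&plain_task, CAP_NET_ADMIN, "net-pf-%d", 10));
    request_module(&sys_module_task, "net-pf-%d", 10);
    request_module(&unrestricted, "net-pf-%d", 10);
    return 0;
}
```

The point the model makes concrete is that the prefix check keys policy on a string chosen by whoever registers the alias, whereas request_module_cap() keys it on what the requesting code path knows about itself; converting callers one by one is then an audit of each request_module() site rather than a change to the module namespace.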