Re: request_module vs. modprobe blacklist (and security subsystem implications)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: ebiederm@xmission.com (Eric W. Biederman)
To: Eric Paris <eparis@redhat.com>
Cc: linux-kernel@vger.kernel.org, arjan@infradead.org,
	randy.dunlap@oracle.com, rusty@rustcorp.com.au,
	andi@firstfloor.org, dhowells@redhat.com,
	akpm@linux-foundation.org
Subject: Re: request_module vs. modprobe blacklist (and security subsystem implications)
Date: Wed, 21 Oct 2009 18:12:38 -0700	[thread overview]
Message-ID: <m14opss03d.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <1256137348.4443.39.camel@dhcp231-106.rdu.redhat.com> (Eric Paris's message of "Wed\, 21 Oct 2009 11\:02\:28 -0400")

Eric Paris <eparis@redhat.com> writes:

> I recently added a new LSM hook into __request_module(),
> security_kernel_module_request().  This new hook checks if a process
> should have permission to trigger the loading of a kernel module.  The
> attack vector imagined was that some module (IPX for example) has a
> vulnerability.  An attack program (which doesn't have permission to load
> the IPX module directly) might be able to get the networking stack to
> try to autoload the module.  Once loaded the attack program could then
> use the larger surface area to exploit the kernel.
>
> We have found that many users disable the IPv6 module by setting their
> modprobe config to look like:
>
> blacklist ipv6
> install ipv6 /bin/true

They need to be using /proc/sys/net/ipv6/conf/*/disable_ipv6 instead.
As the above scenario keeps the bonding driver from loading.

Eric

     prev parent reply	other threads:[~2009-10-22  1:12 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-10-21 15:02 request_module vs. modprobe blacklist (and security subsystem implications) Eric Paris
2009-10-21 19:11 ` Alan Jenkins
2009-10-21 19:27   ` Eric Paris
2009-10-21 21:00     ` Alan Jenkins
2009-10-22  5:56     ` Rusty Russell
2009-10-22 14:30       ` Eric Paris
2009-10-23  9:16         ` Rusty Russell
2009-10-23 14:23           ` Eric Paris
2009-10-23 14:59             ` Rusty Russell
2009-10-22  0:48 ` Andi Kleen
2009-10-22  1:12 ` Eric W. Biederman [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m14opss03d.fsf@fess.ebiederm.org \
    --to=ebiederm@xmission.com \
    --cc=akpm@linux-foundation.org \
    --cc=andi@firstfloor.org \
    --cc=arjan@infradead.org \
    --cc=dhowells@redhat.com \
    --cc=eparis@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=randy.dunlap@oracle.com \
    --cc=rusty@rustcorp.com.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.