Re: [RFC] tcp: setsockopt congestion control autoload

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Stephen Hemminger <shemminger@osdl.org>
To: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Cc: "David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org
Subject: Re: [RFC] tcp: setsockopt congestion control autoload
Date: Thu, 26 Oct 2006 08:23:14 -0700	[thread overview]
Message-ID: <20061026082314.1dcea52c@freekitty> (raw)
In-Reply-To: <20061026145712.GA11062@2ka.mipt.ru>

On Thu, 26 Oct 2006 18:57:13 +0400
Evgeniy Polyakov <johnpol@2ka.mipt.ru> wrote:

> On Thu, Oct 26, 2006 at 07:34:57AM -0700, Stephen Hemminger (shemminger@osdl.org) wrote:
> > Evgeniy Polyakov wrote:
> > >On Wed, Oct 25, 2006 at 11:08:43AM -0700, Stephen Hemminger 
> > >(shemminger@osdl.org) wrote:
> > >  
> > >>If user asks for a congestion control type with setsockopt() then it
> > >>may be available as a module not included in the kernel already. 
> > >>It should be autoloaded if needed.  This is done already when
> > >>the default selection is change with sysctl, but not when application
> > >>requests via sysctl.
> > >>
> > >>Only reservation is are there any bad security implications from this?
> > >>    
> > >
> > >What if system is badly configured, so it is possible to load malicious
> > >module by kernel?
> > >
> > The kernel module loader has a fixed path. So one would have to be able 
> > to create a module
> > in /lib/modules/<kernel release> in order to get the malicious code 
> > loaded.  If the intruder could
> > put a module there, it would be just as easy to patch an existing module 
> > and have the
> > hack available on reboot.
> 
> It just calls /sbin/modprobe, which in turn runs tons of scripts in
> /etc/hotplug, modprobe and other places...
> In the paranoid case we should not allow any user to load kernel
> modules, even known ones. Should this option be guarded by some
> capability check?
> 

No capability check needed. Any additional paranoia belongs in /sbin/modprobe.

There seems to be lots of existing usage where a user can cause a module
to be loaded (see bin_fmt, xtables, etc).

-- 
Stephen Hemminger <shemminger@osdl.org>

next prev parent reply	other threads:[~2006-10-26 15:28 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-10-25 18:08 [RFC] tcp: setsockopt congestion control autoload Stephen Hemminger
2006-10-25 23:21 ` Patrick McHardy
2006-10-26  5:22 ` Evgeniy Polyakov
2006-10-26 14:34   ` Stephen Hemminger
2006-10-26 14:57     ` Evgeniy Polyakov
2006-10-26 15:23       ` Stephen Hemminger [this message]
2006-10-26 17:05         ` Patrick McHardy
2006-10-26 20:55       ` David Miller
2006-10-26 17:29 ` John Heffner
2006-10-26 20:57   ` David Miller
2006-10-26 22:44   ` Hagen Paul Pfeifer
2006-10-26 22:53     ` John Heffner
2006-10-26 23:52     ` [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm Hagen Paul Pfeifer
2006-10-26 23:59       ` Ian McDonald
2006-10-27  0:07         ` David Miller
2006-10-27  0:20           ` Ian McDonald
2006-10-27  0:02       ` David Miller
2006-10-27 10:43         ` Hagen Paul Pfeifer
2006-10-27 14:41           ` Stephen Hemminger
2006-10-27 15:21             ` Hagen Paul Pfeifer
2006-10-27 15:48               ` Stephen Hemminger
2006-10-27 17:30                 ` [PATCH] tcp: don't allow unfair congestion control to be built without warning Stephen Hemminger
2006-10-27 17:43                   ` John Heffner
2006-10-27 17:59                     ` [PATCH] tcp: allow restricting congestion control choices Stephen Hemminger
2006-10-27 21:17                   ` [PATCH] tcp: don't allow unfair congestion control to be built without warning David Miller
2006-10-27 21:24                     ` Stephen Hemminger
2006-10-27 21:37                       ` David Miller
2006-10-27 21:59                         ` Stephen Hemminger
2006-10-27 22:12                           ` David Miller
2006-10-27 22:21                             ` Stephen Hemminger
2006-10-27 22:24                               ` David Miller
2006-10-28  0:48                                 ` Stephen Hemminger
2006-10-28  3:10                                   ` [RFC] tcp: available congetsion control Stephen Hemminger
2006-10-27 21:22             ` [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm David Miller
2006-10-27  1:03       ` Stephen Hemminger
2006-10-27 18:14 ` [PATCH] tcp: setsockopt congestion control autoload Stephen Hemminger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20061026082314.1dcea52c@freekitty \
    --to=shemminger@osdl.org \
    --cc=davem@davemloft.net \
    --cc=johnpol@2ka.mipt.ru \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).