From: James Morris <james.l.morris@oracle.com>
To: David Miller <davem@davemloft.net>
Cc: torvalds@linux-foundation.org, tixxdz@gmail.com,
keescook@chromium.org, luto@kernel.org,
akpm@linux-foundation.org, mcgrof@kernel.org,
ben.hutchings@codethink.co.uk, solar@openwall.com,
serge@hallyn.com, jeyu@kernel.org, rusty@rustcorp.com.au,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
kernel-hardening@lists.openwall.com, corbet@lwn.net,
mingo@kernel.org, netdev@vger.kernel.org, peterz@infradead.org
Subject: Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure
Date: Tue, 28 Nov 2017 09:31:18 +1100 (AEDT) [thread overview]
Message-ID: <alpine.LFD.2.20.1711280924350.11830@localhost> (raw)
In-Reply-To: <20171128.041426.801732093971324601.davem@davemloft.net>
On Tue, 28 Nov 2017, David Miller wrote:
> From: Linus Torvalds <torvalds@linux-foundation.org>
> Date: Mon, 27 Nov 2017 10:41:30 -0800
>
> > What are the real life use-cases for normal users having modules
> > auto-load?
>
> User opens SCTP socket, SCTP protocol module loads.
>
> People build test cases via namespaces, and in that namespaces normal
> users can setup virtual tunnel devices themselves, and those configure
> operations can bring the tunnel module in.
What about implementing a white list of modules which are able to be
loaded by unprivileged users?
Then, Linus' solution would look something like:
va_start(args, fmt);
ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
va_end(args);
if (WARN_ON_ONCE(!capable(CAP_SYS_MODULE) ||
!capable(CAP_SYS_ADMIN) ||
!capable(CAP_NET_ADMIN) ||
!unprivileged_autoload(module_name)))
return -EPERM;
--
James Morris
<james.l.morris@oracle.com>
next prev parent reply other threads:[~2017-11-27 22:31 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-27 17:18 [PATCH v5 next 0/5] Improve Module autoloading infrastructure Djalal Harouni
2017-11-27 17:18 ` [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() Djalal Harouni
2017-11-27 18:48 ` Randy Dunlap
2017-11-27 21:35 ` Djalal Harouni
2017-11-28 19:14 ` Luis R. Rodriguez
2017-11-28 20:11 ` Kees Cook
2017-11-28 21:16 ` Luis R. Rodriguez
2017-11-28 21:33 ` Djalal Harouni
2017-11-28 22:18 ` Luis R. Rodriguez
2017-11-28 22:52 ` Djalal Harouni
2017-11-28 21:39 ` Kees Cook
2017-11-28 22:12 ` Luis R. Rodriguez
2017-11-28 22:18 ` Kees Cook
2017-11-28 22:48 ` Luis R. Rodriguez
2017-11-29 7:49 ` Michal Kubecek
2017-11-29 13:46 ` Alan Cox
2017-11-29 14:50 ` David Miller
2017-11-29 15:54 ` Theodore Ts'o
2017-11-29 15:58 ` David Miller
2017-11-29 16:29 ` Theodore Ts'o
2017-11-29 22:45 ` Linus Torvalds
2017-11-30 0:06 ` Kees Cook
2017-11-29 17:28 ` Serge E. Hallyn
2017-11-30 0:35 ` Theodore Ts'o
2017-11-30 17:17 ` Serge E. Hallyn
2017-11-28 20:18 ` Djalal Harouni
2017-11-27 17:18 ` [PATCH v5 next 2/5] modules:capabilities: add cap_kernel_module_request() permission check Djalal Harouni
2017-11-30 2:05 ` Luis R. Rodriguez
2017-11-27 17:18 ` [PATCH v5 next 3/5] modules:capabilities: automatic module loading restriction Djalal Harouni
2017-11-30 1:23 ` Luis R. Rodriguez
2017-11-30 12:22 ` Djalal Harouni
2017-11-27 17:18 ` [PATCH v5 next 4/5] modules:capabilities: add a per-task modules auto-load mode Djalal Harouni
2017-11-27 17:18 ` [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules Djalal Harouni
2017-11-27 18:44 ` Linus Torvalds
2017-11-27 21:41 ` Djalal Harouni
2017-11-27 22:04 ` Linus Torvalds
2017-11-27 22:59 ` Kees Cook
2017-11-27 23:14 ` Linus Torvalds
2017-11-27 23:19 ` Kees Cook
2017-11-27 23:35 ` Linus Torvalds
2017-11-28 1:23 ` Kees Cook
2017-11-27 18:41 ` [PATCH v5 next 0/5] Improve Module autoloading infrastructure Linus Torvalds
2017-11-27 19:02 ` Linus Torvalds
2017-11-27 19:12 ` Linus Torvalds
2017-11-27 21:31 ` Djalal Harouni
2017-11-27 19:14 ` David Miller
2017-11-27 22:31 ` James Morris [this message]
2017-11-27 23:04 ` Kees Cook
2017-11-27 23:44 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.20.1711280924350.11830@localhost \
--to=james.l.morris@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=ben.hutchings@codethink.co.uk \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=jeyu@kernel.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mcgrof@kernel.org \
--cc=mingo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=rusty@rustcorp.com.au \
--cc=serge@hallyn.com \
--cc=solar@openwall.com \
--cc=tixxdz@gmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).