qemu-devel.nongnu.org archive mirror
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: "David Hildenbrand" <david@redhat.com>,
	"Cleber Rosa" <crosa@redhat.com>,
	qemu-devel@nongnu.org, qemu-block@nongnu.org,
	"Michael S. Tsirkin" <mst@redhat.com>,
	"Markus Armbruster" <armbru@redhat.com>,
	"Halil Pasic" <pasic@linux.ibm.com>,
	"Christian Borntraeger" <borntraeger@de.ibm.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	"Laurent Vivier" <lvivier@redhat.com>,
	"Thomas Huth" <thuth@redhat.com>,
	"Eduardo Habkost" <ehabkost@redhat.com>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Peter Lieven" <pl@kamp.de>, "Greg Kurz" <groug@kaod.org>,
	qemu-s390x@nongnu.org,
	"Ronnie Sahlberg" <ronniesahlberg@gmail.com>,
	"Samuel Thibault" <samuel.thibault@ens-lyon.org>,
	"David Gibson" <david@gibson.dropbear.id.au>,
	"Kevin Wolf" <kwolf@redhat.com>,
	"Daniel P. Berrangé" <berrange@redhat.com>,
	"Cornelia Huck" <cohuck@redhat.com>,
	"Max Reitz" <mreitz@redhat.com>,
	qemu-ppc@nongnu.org, "Paolo Bonzini" <pbonzini@redhat.com>
Subject: Re: [PATCH v4 00/34] modules: add meta-data database
Date: Thu, 24 Jun 2021 19:02:53 +0100
Message-ID: <YNTIzc3pik798KRI@work-vm>
In-Reply-To: <20210624172831.i4pck4moopfcgpbf@sirius.home.kraxel.org>

* Gerd Hoffmann (kraxel@redhat.com) wrote:
> On Thu, Jun 24, 2021 at 04:01:25PM +0100, Dr. David Alan Gilbert wrote:
> > * Gerd Hoffmann (kraxel@redhat.com) wrote:
> > > This patch series adds support for module meta-data.  Today this is
> > > either hard-coded in qemu (see qemu_load_module_for_opts) or handled
> > > with manually maintained lists in util/module (see module_deps[] and
> > > qom_modules[]).  This series replaces that scheme with annotation
> > > macros, so the meta-data can go into the module source code and -- for
> > > example -- the module_obj() annotations can go next to the TypeInfo
> > > struct for the object class.
> > 
> > So this is slightly off-topic for the series; but kind of relevant,
> > but...
> > Is there a way to inhibit module loading after a given point?
> 
> We could block loading after machine initialization.
> Has implications for hotplug though.

Yes; I was thinking perhaps a command to explicitly disable autoloading
if people worried about it.

> > I ask, because there's a fairly well-known security escalation that
> > takes advantage of NSS loading of PAM modules; typically you have
> > your nice sandboxed application, you write out your nasty .so into the
> > sandbox and then somehow get your application to trigger the PAM module
> > load.
> > Now, what stops the same attack here?
> 
> Placing a new .so at some random directory wouldn't work, qemu only
> loads modules from the search path (but I guess the same is true for
> pam).

Yes, I'm failing to find the CVE I vaguely remember about the details of
how it was messed up.

Dave

> With this patch series applied all modules are listed in the modinfo.c
> database (even if we don't have any metadata about them), so we could
> easily limit loading to modules known at compile time.  Not sure how
> much that alone would improve security though, when the attacker is able
> to write to the qemu module directory it isn't much of a problem to just
> overwrite one of the existing modules.
> 
> We could try to work with hashes or signatures stored in modinfo ...
> 
> take care,
>   Gerd
> 
-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
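The loading policy the two of them sketch above, as an added example that is not part of the thread and not QEMU's own loader code. It models the four controls mentioned: a compile-time allowlist of module names (the `modinfo` dict below is a constructed stand-in for the generated modinfo.c database), confinement to the configured search path, a per-module digest checked before loading, and a latch that disables loading once machine init is done. Nothing is actually dlopen()ed; `load()` returns the verified path. The module names, file contents and directory layout are all constructed for the example.

```python
"""Added example, not QEMU code: a model of the module-loading policy
discussed in the thread. modinfo is a constructed stand-in for modinfo.c."""
import hashlib
import os
import tempfile


class ModuleLoadError(Exception):
    pass


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ModuleLoader:
    def __init__(self, search_path: str, modinfo: dict):
        # modinfo: module name -> expected SHA-256 hex of its .so, assumed
        # to be baked in at build time like the rest of modinfo.c.
        self.search_path = os.path.realpath(search_path)
        self.modinfo = dict(modinfo)
        self.sealed = False

    def seal(self) -> None:
        """Disable all further loading, e.g. once machine init is done."""
        self.sealed = True

    def resolve(self, name: str) -> str:
        """Map a module name to a file that must stay inside search_path."""
        if not name or "/" in name or name in (".", ".."):
            raise ModuleLoadError(f"bad module name {name!r}")
        path = os.path.realpath(os.path.join(self.search_path, name + ".so"))
        # realpath follows symlinks, so a link planted in the module
        # directory that points elsewhere fails this check as well.
        if os.path.commonpath([path, self.search_path]) != self.search_path:
            raise ModuleLoadError(f"{path} escapes {self.search_path}")
        return path

    def load(self, name: str) -> str:
        """Latch, allowlist, path confinement and digest, in that order."""
        if self.sealed:
            raise ModuleLoadError("module loading disabled after machine init")
        if name not in self.modinfo:
            raise ModuleLoadError(f"{name!r} is not in the modinfo database")
        path = self.resolve(name)
        digest = sha256_file(path)
        if digest != self.modinfo[name]:
            raise ModuleLoadError(f"digest mismatch for {name}: {digest}")
        return path  # a real loader would dlopen(path) here


def _rejects(fn, *args) -> bool:
    try:
        fn(*args)
    except ModuleLoadError:
        return True
    return False


def _write(path: str, data: bytes) -> None:
    with open(path, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Run the policy against constructed files; returns per-case outcomes."""
    r = {}
    with tempfile.TemporaryDirectory() as tmp:
        d = os.path.realpath(tmp)
        moddir = os.path.join(d, "modules")
        os.mkdir(moddir)
        good = os.path.join(moddir, "block-curl.so")
        _write(good, b"\x7fELF constructed stand-in for a shared object\n")
        ldr = ModuleLoader(moddir, {"block-curl": sha256_file(good)})
        r["known_intact_loads"] = ldr.load("block-curl") == good
        # Dropping a new .so into the directory: not in the database.
        _write(os.path.join(moddir, "evil.so"), b"\x7fELF evil\n")
        r["unknown_rejected"] = _rejects(ldr.load, "evil")
        # Overwriting a listed module instead: caught by the digest.
        with open(good, "ab") as f:
            f.write(b"backdoor\n")
        r["tampered_rejected"] = _rejects(ldr.load, "block-curl")
        # Name that walks out of the search path.
        r["traversal_rejected"] = _rejects(ldr.resolve, "../evil")
        # Symlink inside the directory pointing outside it.
        outside = os.path.join(d, "outside.so")
        _write(outside, b"\x7fELF outside\n")
        os.symlink(outside, os.path.join(moddir, "ui-gtk.so"))
        ldr.modinfo["ui-gtk"] = sha256_file(outside)
        r["symlink_rejected"] = _rejects(ldr.load, "ui-gtk")
        # After the latch even an intact, listed module will not load.
        ok = os.path.join(moddir, "audio-alsa.so")
        _write(ok, b"\x7fELF audio\n")
        ldr.modinfo["audio-alsa"] = sha256_file(ok)
        ldr.seal()
        r["sealed_rejected"] = _rejects(ldr.load, "audio-alsa")
    return r
```

Two caveats for anyone turning this into real code. Hashing a path and then dlopen()ing the same path leaves a race: the file can be swapped between the two steps, so open it once, hash through that descriptor and load through the same descriptor (on Linux, dlopen of /proc/self/fd/N). And a digest table compiled into the qemu binary only helps against an attacker who can write the module directory but not the binary itself; if both are writable by the same principal, the table is as replaceable as the modules, which is where a signature checked against a key the attacker does not hold adds something a plain hash does not.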



Thread overview: 46+ messages
2021-06-24 10:38 [PATCH v4 00/34] modules: add meta-data database Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 01/34] modules: add modinfo macros Gerd Hoffmann
2021-06-24 20:37   ` Eduardo Habkost
2021-07-06 17:07     ` Paolo Bonzini
2021-06-24 10:38 ` [PATCH v4 02/34] modules: collect module meta-data Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 03/34] modules: generate modinfo.c Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 04/34] modules: check if all dependencies can be satisfied Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 05/34] modules: add qxl module annotations Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 06/34] modules: add virtio-gpu " Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 07/34] modules: add chardev " Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 08/34] modules: add audio " Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 09/34] modules: add usb-redir " Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 10/34] modules: add ccid " Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 11/34] modules: add ui " Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 12/34] modules: add s390x " Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 13/34] modules: add block " Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 14/34] modules: use modinfo for dependencies Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 15/34] modules: use modinfo for qom load Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 16/34] modules: use modinfo for qemu opts load Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 17/34] modules: add tracepoints Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 18/34] modules: check arch and block load on mismatch Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 19/34] modules: check arch on qom lookup Gerd Hoffmann
2024-08-27 15:37   ` Philippe Mathieu-Daudé
2024-08-28  7:45     ` Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 20/34] modules: target-specific module build infrastructure Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 21/34] modules: add documentation for module sourcesets Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 22/34] modules: add module_obj() note to QOM docs Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 23/34] modules: module.h kerneldoc annotations Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 24/34] modules: hook up modules.h to docs build Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 25/34] accel: autoload modules Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 26/34] accel: add qtest module annotations Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 27/34] accel: build qtest modular Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 28/34] accel: add tcg module annotations Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 29/34] accel: build tcg modular Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 30/34] monitor: allow register hmp commands Gerd Hoffmann
2021-06-24 14:55   ` Dr. David Alan Gilbert
2021-06-24 17:40     ` Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 31/34] usb: drop usb_host_dev_is_scsi_storage hook Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 32/34] monitor/usb: register 'info usbhost' dynamically Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 33/34] usb: build usb-host as module Gerd Hoffmann
2021-06-24 10:38 ` [PATCH v4 34/34] monitor/tcg: move tcg hmp commands to accel/tcg, register them dynamically Gerd Hoffmann
2021-06-24 14:57   ` Dr. David Alan Gilbert
2021-06-24 14:48 ` [PATCH v4 00/34] modules: add meta-data database Jose R. Ziviani
2021-06-24 15:01 ` Dr. David Alan Gilbert
2021-06-24 17:28   ` Gerd Hoffmann
2021-06-24 18:02     ` Dr. David Alan Gilbert [this message]
