| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jul 2016 13:03:58 +0930
From: Rusty Russell <rusty@...tcorp.com.au>
To: Prarit Bhargava <prarit@...hat.com>, linux-kernel@...r.kernel.org
Cc: Prarit Bhargava <prarit@...hat.com>,
Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org
Subject: Re: [PATCH v3] Add kernel parameter to blacklist modules
Prarit Bhargava <prarit@...hat.com> writes:
> Blacklisting a module in linux has long been a problem. The current
> procedure is to use rd.blacklist=module_name, however, that doesn't
> cover the case after the initramfs and before a boot prompt (where one
> is supposed to use /etc/modprobe.d/blacklist.conf to blacklist
> runtime loading). Using rd.shell to get an early prompt is hit-or-miss,
> and doesn't cover all situations AFAICT.
>
> This patch adds this functionality of permanently blacklisting a module
> by its name via the kernel parameter module_blacklist=module_name.
>
> [v2]: Rusty, use core_param() instead of __setup() which simplifies
> things.
>
> [v3]: Rusty, undo wreckage from strsep()
There's no locking here, meaning that something can easily slip through
the blacklist.
This time for sure! (UNTESTED!)
static bool blacklisted(char *module_name)
{
const char *p;
size_t len;
if (!module_blacklist)
return false;
for (p = module_blacklist; *p; p += len) {
len = strcspn(p, ",");
if (strlen(module_name) == len && !memcmp(module_name, p, len))
return true;
if (p[len] == ',')
len++;
}
return false;
}
Thanks,
Rusty.
>
> Signed-off-by: Prarit Bhargava <prarit@...hat.com>
> Cc: Jonathan Corbet <corbet@....net>
> Cc: Rusty Russell <rusty@...tcorp.com.au>
> Cc: linux-doc@...r.kernel.org
> ---
> Documentation/kernel-parameters.txt | 3 +++
> kernel/module.c | 29 +++++++++++++++++++++++++++++
> 2 files changed, 32 insertions(+)
>
> diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
> index 82b42c958d1c..c720b96f2efc 100644
> --- a/Documentation/kernel-parameters.txt
> +++ b/Documentation/kernel-parameters.txt
> @@ -2295,6 +2295,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
> Note that if CONFIG_MODULE_SIG_FORCE is set, that
> is always true, so this option does nothing.
>
> + module_blacklist= [KNL] Do not load a comma-separated list of
> + modules. Useful for debugging problem modules.
> +
> mousedev.tap_time=
> [MOUSE] Maximum time between finger touching and
> leaving touchpad surface for touch to be considered
> diff --git a/kernel/module.c b/kernel/module.c
> index 5f71aa63ed2a..5240da88af79 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -3155,6 +3155,32 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr,
> return 0;
> }
>
> +/* module_blacklist is a comma-separated list of module names */
> +static char *module_blacklist;
> +static bool blacklisted(char *module_name)
> +{
> + char *str, *entry;
> +
> + if (!module_blacklist)
> + return false;
> +
> + str = module_blacklist;
> + do {
> + if (str != module_blacklist)
> + module_blacklist[strlen(str) - 1] = ',';
> + entry = strsep(&str, ",");
> + if (!strcmp(module_name, entry)) {
> + pr_info("module %s is blacklisted\n", module_name);
> + if (str != module_blacklist)
> + module_blacklist[strlen(str) - 1] = ',';
> + return true;
> + }
> + } while (str);
> +
> + return false;
> +}
> +core_param(module_blacklist, module_blacklist, charp, 0400);
> +
> static struct module *layout_and_allocate(struct load_info *info, int flags)
> {
> /* Module within temporary copy. */
> @@ -3165,6 +3191,9 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
> if (IS_ERR(mod))
> return mod;
>
> + if (blacklisted(mod->name))
> + return ERR_PTR(-EPERM);
> +
> err = check_modinfo(mod, info, flags);
> if (err)
> return ERR_PTR(err);
> --
> 1.7.9.3
Powered by blists - more mailing lists