lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1312458165@web.de>
Date:	Sat, 16 Sep 2006 12:25:58 +0200
From:	devzero@....de
To:	linux-kernel@...r.kernel.org
Subject: show all modules which taint the kernel ?

Hello !

i wonder if there is a command which lets me determine at runtime, if there is any module loaded which taints the kernel. (not from dmesg)

i would have expected a special option to lsmod which shows this information with every module.

ok, there is modinfo which will tell me "supported : yes" for single modules , but output is somewhat inconsistent and i would need to write a little script which combines lsmod and modinfo to show appropriate information.

e.g. - this is a module delivered with the kernel package:

vserver2:/proc # modinfo ac
filename:       /lib/modules/2.6.8-24.24-default/kernel/drivers/acpi/ac.ko
author:         Paul Diefenbaugh
description:    ACPI AC Adapter Driver
license:        GPL
vermagic:       2.6.8-24.24-default 586 REGPARM gcc-3.3
supported:      yes  <- (!)
depends:


this is a module  compiled and installed afterwards:

vserver2:/proc # modinfo fuse
filename:       /lib/modules/2.6.8-24.24-default/kernel/fs/fuse/fuse.ko
alias:          char-major-10-229
author:         Miklos Szeredi <miklos@...redi.hu>
description:    Filesystem in Userspace
license:        GPL
vermagic:       2.6.8-24.24-default 586 REGPARM gcc-3.3
depends:

i would have expected "supported:   no" or "attention, this module taints the kernel!", because when loading it gave:

"Sep 15 20:02:46 vserver2 kernel: fuse: module not supported by Novell, setting U taint flag."

how can i read that information "U taint"  AFTER loading a (binary...) module ?

i think it would be useful to have an easy way to list all modules which taint the kernel, so we can see quick, which crappy binary module is running inside a user`s kernel.

furthermore -  i came across a strange posting on the vmware forum:

a user complains about a kernel panic and there is a discussion if it`s due to bug in vmware kernel module or aacraid driver.

whoever is the evil one -  the kernel panic message shows every module with an "(U)" flag:

List corruption. next->prev should be f7481858, but was f748313c
------------[ cut here ]------------
kernel BUG at include/linux/list.h:185!
invalid opcode: 0000 [#1]
SMP
last sysfs file: /class/scsi_host/host0/proc_name
Modules linked in: radeon(U) drm(U) ipv6(U) autofs4(U) ppdev(U) lm85(U) w83781d
(U) hwmon_vid(U) hwmon(U) i2c_isa(U) vmnet(U) vmmon(U) sunrpc(U) vfat(U) fat
(U) dm_mirror(U) dm_mod(U) video(U) button(U) battery(U) ac(U) lp(U) parport_pc
(U) parport(U) snd_intel8x0(U) snd_ac97_codec(U) snd_ac97_bus(U) ftdi_sio(U)
snd_seq_dummy(U) usbserial(U) snd_seq_oss(U) snd_seq_midi_event(U) snd_seq(U)
snd_seq_device(U) snd_pcm_oss(U) snd_mixer_oss(U) 3c59x(U) snd_pcm(U) e1000(U)
mii(U) ohci1394(U) ieee1394(U) snd_timer(U) sg(U) snd(U) uhci_hcd(U) ehci_hcd
(U) i2c_i801(U) serio_raw(U) soundcore(U) e7xxx_edac(U) snd_page_alloc(U)
floppy(U) i2c_core(U) edac_mc(U) ext3(U) jbd(U) aacraid(U) sd_mod(U) scsi_mod
(U)
CPU: 1
EIP: 0060:[<f88704ce>] Tainted: P VLI
EFLAGS: 00013096 (2.6.17-vmhost #1)
EIP is at aac_intr_normal+0x1cc/0x267 [aacraid] 

i wonder how someone can have so many tainted modules loaded at the same time, so i`m unsure if (U) means "tainted" in this context.

can someone probably explain ?

regards
roland

__________________________________________________________________________
Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail-Postfach!		
Mehr Infos unter http://freemail.web.de/home/landingpad/?mc=021131

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ