lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20070201135547.4149dc15.randy.dunlap@oracle.com>
Date:	Thu, 1 Feb 2007 13:55:47 -0800
From:	Randy Dunlap <randy.dunlap@...cle.com>
To:	Jan Engelhardt <jengelh@...ux01.gwdg.de>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...l.org>,
	Jon Masters <jonathan@...masters.org>,
	Alexey Dobriyan <adobriyan@...il.com>
Subject: Re: [PATCH] Ban module license tag string termination trick

On Thu, 1 Feb 2007 22:20:09 +0100 (MET) Jan Engelhardt wrote:

> ___The kernel patch___
> 
> Just a few notes here.
> 
> 
> Comments welcome.

Good idea.

A diffstat summary would have been nice.
  (See Documentation/SubmittingPatches)

Use a space between "if" and "(" below (multiple times):
  see Documentation/CodingStyle.


> Index: linux-2.6.20-rc7/kernel/module.c
> ===================================================================
> --- linux-2.6.20-rc7.orig/kernel/module.c
> +++ linux-2.6.20-rc7/kernel/module.c
> @@ -1389,10 +1389,21 @@ static void layout_sections(struct modul
>  	}
>  }
>  
> -static void set_license(struct module *mod, const char *license)
> +static int set_license(struct module *mod, Elf_Shdr *sechdr)
>  {
> -	if (!license)
> -		license = "unspecified";
> +	const char *license = "unspecified";
> +
> +	if(sechdr != NULL) {
> +		license = (const char *)sechdr->sh_addr;
> +
> +		/* Allow both non-terminated strings and NUL-terminated
> +		strings, as long as no string termination trick is done. */
> +		if(strnlen(license, sechdr->sh_size) + 1 != sechdr->sh_size) {
> +			printk(KERN_WARNING "Module \"%s\" has invalid "
> +			       ".modlicense section\n", mod->name);
> +			return -EINVAL;
> +		}
> +	}
>  
>  	if (!license_is_gpl_compatible(license)) {
>  		if (!(tainted & TAINT_PROPRIETARY_MODULE))
> @@ -1400,6 +1411,8 @@ static void set_license(struct module *m
>  				"kernel.\n", mod->name, license);
>  		add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
>  	}
> +
> +	return 0;
>  }
>  
>  /* Parse tag=value strings from .modinfo section */
> @@ -1549,6 +1562,7 @@ static struct module *load_module(void _
>  	unsigned int modindex;
>  	unsigned int obsparmindex;
>  	unsigned int infoindex;
> +	unsigned int license_index;
>  	unsigned int gplindex;
>  	unsigned int crcindex;
>  	unsigned int gplcrcindex;
> @@ -1653,6 +1667,7 @@ static struct module *load_module(void _
>  	obsparmindex = find_sec(hdr, sechdrs, secstrings, "__obsparm");
>  	versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
>  	infoindex = find_sec(hdr, sechdrs, secstrings, ".modinfo");
> +	license_index = find_sec(hdr, sechdrs, secstrings, ".modlicense");
>  	pcpuindex = find_pcpusec(hdr, sechdrs, secstrings);
>  #ifdef ARCH_UNWIND_SECTION_NAME
>  	unwindex = find_sec(hdr, sechdrs, secstrings, ARCH_UNWIND_SECTION_NAME);
> @@ -1660,6 +1675,8 @@ static struct module *load_module(void _
>  
>  	/* Don't keep modinfo section */
>  	sechdrs[infoindex].sh_flags &= ~(unsigned long)SHF_ALLOC;
> +	if(license_index)
> +		sechdrs[license_index].sh_flags &= ~SHF_ALLOC;
>  #ifdef CONFIG_KALLSYMS
>  	/* Keep symbol and string tables for decoding later. */
>  	sechdrs[symindex].sh_flags |= SHF_ALLOC;
> @@ -1769,7 +1786,10 @@ static struct module *load_module(void _
>  	module_unload_init(mod);
>  
>  	/* Set up license info based on the info section */
> -	set_license(mod, get_modinfo(sechdrs, infoindex, "license"));
> +	err = set_license(mod, (license_index != 0) ?
> +	      &sechdrs[license_index] : NULL);
> +	if(err)
> +		goto cleanup;
>  
>  	if (strcmp(mod->name, "ndiswrapper") == 0)
>  		add_taint(TAINT_PROPRIETARY_MODULE);


---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ