lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <1216021953.11189.4.camel@johannes.berg>
Date:	Mon, 14 Jul 2008 09:52:33 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	Rusty Russell <rusty@...tcorp.com.au>,
	Christoph Hellwig <hch@...radead.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next 00/11] remove CONFIG_KMOD

On Sun, 2008-07-13 at 17:03 +0200, Andi Kleen wrote:
> Johannes Berg <johannes@...solutions.net> writes:
> 
> > I've rebased this patch series against -next-20080708 (one conflict
> > against ftrace, another against BKL pushdown) and fixed the things
> > Adrian Bunk pointed out.
> 
> You forgot to say why you want to remove that?

Indeed, I did. Well for one, it's pointless. As Rusty pointed out, you
can achieve pretty much the same thing by putting /bin/true into the
modprobe path, and the option protects only very little code.

Secondly, the option has a lot of potential for misuse. A lot of people
tend to unset it because they think they can load modules manually, but
then they forget all the dependencies that aren't link-time resolvable
like crypto providers: if you request an encryption with RC4 the arc4
module will be loaded by the crypto provider code, but this isn't a
link-time dependency so modprobe cannot resolve it. We're getting bug
reports like that probably about bi-weekly or so and I suspect distros
are getting many more.
Hence, it's beneficial to remove the option, those who really do need to
turn off module autoloading can still do it at runtime which even
benefits them because it allows them finer-grained control, and others
are left with less potential to screw up their kernel config.

johannes

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ