| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Oct 2012 02:39:04 -0300
From: Lucas De Marchi <lucas.demarchi@...fusion.mobi>
To: Rusty Russell <rusty@...tcorp.com.au>
Cc: mtk.manpages@...il.com, "H. Peter Anvin" <hpa@...or.com>,
Kees Cook <keescook@...omium.org>,
linux-kernel@...r.kernel.org, jonathon@...masters.org
Subject: Re: [PATCH 1/4] module: add syscall to load module from fd
On Thu, Oct 18, 2012 at 12:12 AM, Rusty Russell <rusty@...tcorp.com.au> wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com> writes:
>> Sure. But my point that started this subthread was: should we take the
>> opportunity now to add a 'flags' argument to the new finit_module()
>> system call, so as to allow flexibility in extending the behavior in
>> future? There have been so many cases of revised system calls in the
>> past few years that replaced calls without a 'flags' argument that it
>> seems worth at least some thought before the API is cast in stone.
>
> (CC's trimmed, Lucas & Jon added; please include them in module
> discussions!)
>
> So I tried to think of why we'd want flags; if I could think of a
> plausible reason, obviously we should do it now.
>
> I think it would be neat for the force flags (eg. ignoring modversions
> or ignoring kernel version). These are the only cases where libkmod
> needs to mangle the module.
Maybe we should put this back into kernel. With an fd we can't mangle
the module anymore to ignore modversions or kernel version.
So yes, I think a 'flags' param is indeed needed.
Side note: force won't work anymore by using init_module() and signed modules.
>
> So here's the patch which adds the flags field, but nothing in there
> yet. I'll add the remove flags soon, so libkmod can assume that if the
> syscall exists, those flags will work.
>
> Thoughts?
> Rusty.
>
> FIX: add flags arg to sys_finit_module()
>
> Thanks to Michael Kerrisk for keeping us honest.
>
> diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
> index 32bc035..8cf7b50 100644
> --- a/include/linux/syscalls.h
> +++ b/include/linux/syscalls.h
> @@ -868,5 +868,5 @@ asmlinkage long sys_process_vm_writev(pid_t pid,
>
> asmlinkage long sys_kcmp(pid_t pid1, pid_t pid2, int type,
> unsigned long idx1, unsigned long idx2);
> -asmlinkage long sys_finit_module(int fd, const char __user *uargs);
> +asmlinkage long sys_finit_module(int fd, const char __user *uargs, int flags);
> #endif
> diff --git a/kernel/module.c b/kernel/module.c
> index 261bf82..8b8d986 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -3260,7 +3260,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
> return load_module(&info, uargs);
> }
>
> -SYSCALL_DEFINE2(finit_module, int, fd, const char __user *, uargs)
> +SYSCALL_DEFINE2(finit_module, int, fd, const char __user *, uargs, int, flags)
> {
> int err;
> struct load_info info = { };
> @@ -3269,7 +3269,11 @@ SYSCALL_DEFINE2(finit_module, int, fd, const char __user *, uargs)
> if (err)
> return err;
>
> - pr_debug("finit_module: fd=%d, uargs=%p\n", fd, uargs);
> + pr_debug("finit_module: fd=%d, uargs=%p, flags=%i\n", fd, uargs, flags);
> +
> + /* Coming RSN... */
> + if (flags)
> + return -EINVAL;
>
> err = copy_module_from_fd(fd, &info);
> if (err)
Ack.
Lucas De Marchi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists