| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Jan 2013 02:41:27 +0100 From: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com> To: Kees Cook <keescook@...omium.org> Cc: Rusty Russell <rusty@...tcorp.com.au>, "H. Peter Anvin" <hpa@...or.com>, LKML <linux-kernel@...r.kernel.org>, Lucas De Marchi <lucas.demarchi@...fusion.mobi>, jonathon@...masters.org, linux-man@...r.kernel.org Subject: Re: [PATCH 1/4] module: add syscall to load module from fd On Sun, Jan 6, 2013 at 9:24 PM, Kees Cook <keescook@...omium.org> wrote: > On Sun, Jan 6, 2013 at 11:59 AM, Michael Kerrisk (man-pages) > <mtk.manpages@...il.com> wrote: >> Hi Rusty, (and Lucas, and Kees) >> >> On Thu, Jan 3, 2013 at 1:12 AM, Rusty Russell <rusty@...tcorp.com.au> wrote: >>> Michael Kerrisk <mtk.manpages@...il.com> writes: >>>> Hi Rusty, >>> >>> Hi Michael, >>> >>>> The description here is rather thin. Could you supply a sentence or >>>> two for each of MODULE_INIT_IGNORE_MODVERSIONS and >>>> MODULE_INIT_IGNORE_VERMAGIC that would be suitable for the manual >>>> page? >>>> >>>> Thanks, >>> >>> There are one or two safety checks built into a module, which are >>> checked to match the kernel on module load. The first is a "vermagic" >>> string containing the kernel version number and prominent features (such >>> as CPU type). If the module was built with CONFIG_MODVERSIONS set, a >>> version hash is recorded for each symbol the module uses based on the >>> types it refers to: in this case, the kernel version number within the >>> "vermagic" string is ignored, as the symbol version hashes are assumed >>> to be sufficiently reliable. >>> >>> Using the MODULE_INIT_IGNORE_VERMAGIC flag indicates that the vermagic >>> is to be ignored, and the MODULE_INIT_IGNORE_MODVERSIONS flag indicates >>> that the version hashes are to be ignored. If the kernel is built to >>> permit such forced loading (ie. CONFIG_MODULE_FORCE_LOAD is set) then >>> loading will continue, otherwise it will fail with ENOEXEC as expected >>> for malformed modules. >>> >>> Hope that is more usable? >> >> Yes, that helps. I did some reworking of that text. Hopefully, I did >> not introduce any errors. >> >> Below is the text that is proposed to document finit_module() in the >> man pages. I'd appreciate any review (Kees, Lucas, Rusty?) > > Looks good to me! > > Reviewed-by: Kees Cook <keescook@...omium.org> Thanks Kees! -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface"; http://man7.org/tlpi/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists