| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87r30ifmwz.fsf@rustcorp.com.au>
Date: Mon, 24 Apr 2017 13:59:48 +0930
From: Rusty Russell <rusty@...tcorp.com.au>
To: Djalal Harouni <tixxdz@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Andy Lutomirski <luto@...nel.org>,
Kees Cook <keescook@...omium.org>,
Andrew Morton <akpm@...ux-foundation.org>, serge@...lyn.com,
kernel-hardening@...ts.openwall.com,
linux-security-module@...r.kernel.org
Cc: Linux API <linux-api@...r.kernel.org>,
Dongsu Park <dpark@...teo.net>,
Casey Schaufler <casey@...aufler-ca.com>,
James Morris <james.l.morris@...cle.com>,
Paul Moore <paul@...l-moore.com>,
Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jonathan Corbet <corbet@....net>, Jessica Yu <jeyu@...hat.com>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Ingo Molnar <mingo@...nel.org>, zendyani@...il.com,
Peter Zijlstra <peterz@...radead.org>,
Djalal Harouni <tixxdz@...il.com>
Subject: Re: [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni <tixxdz@...il.com> writes:
> When value is (1), task must have CAP_SYS_MODULE to be able to trigger a
> module auto-load operation, or CAP_NET_ADMIN for modules with a
> 'netdev-%s' alias.
Sorry, the magic 'netdev-' prefix is a crawling horror. To do this
properly, you need to hand the capability (if any) from the
request_module() call. Probably by adding a new request_module_cap and
making request_module() call that, then fixing up the callers.
Cheers,
Rusty.
Powered by blists - more mailing lists