lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 29 Nov 2017 10:53:41 -0800
From:   Linus Torvalds <>
To:     Kees Cook <>
Cc:     Geo Kozey <>,
        LSM List <>,
        Linux Kernel Mailing List <>,
Subject: Re: [kernel-hardening] Re: [PATCH v5 next 5/5] net: modules: use
 request_module_cap() to load 'netdev-%s' modules

On Wed, Nov 29, 2017 at 10:46 AM, Linus Torvalds
<> wrote:
> So the module flag is technically easy to add, and it's technically
> easy to read at module loading time, but I suspect that it's actually
> annoyingly hard to pass the original request_module() capability
> information around to where we actually read the module.

One possibly interesting approach would be to run the usermode helper
not as root, but with the credentials of the request_module() caller.

That's arguably the right thing to do (in that request_module() would
never do anything that the user wouldn't be able to do on their own)
and probably what we should have done originally, but while it feels
like a nice solution I suspect it would break pretty much every distro
out there.

Because they all expect modprobe/kmod to be called as root in the
original init-namespace.


Powered by blists - more mailing lists