| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Nov 2017 10:53:41 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Kees Cook <keescook@...omium.org>
Cc: Geo Kozey <geokozey@...lfence.com>,
LSM List <linux-security-module@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>
Subject: Re: [kernel-hardening] Re: [PATCH v5 next 5/5] net: modules: use
request_module_cap() to load 'netdev-%s' modules
On Wed, Nov 29, 2017 at 10:46 AM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> So the module flag is technically easy to add, and it's technically
> easy to read at module loading time, but I suspect that it's actually
> annoyingly hard to pass the original request_module() capability
> information around to where we actually read the module.
One possibly interesting approach would be to run the usermode helper
not as root, but with the credentials of the request_module() caller.
That's arguably the right thing to do (in that request_module() would
never do anything that the user wouldn't be able to do on their own)
and probably what we should have done originally, but while it feels
like a nice solution I suspect it would break pretty much every distro
out there.
Because they all expect modprobe/kmod to be called as root in the
original init-namespace.
Linus
Powered by blists - more mailing lists