| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20110227.151912.28823451.davem@davemloft.net> Date: Sun, 27 Feb 2011 15:19:12 -0800 (PST) From: David Miller <davem@...emloft.net> To: segoon@...nwall.com Cc: bhutchings@...arflare.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, kuznet@....inr.ac.ru, pekkas@...core.fi, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net, eric.dumazet@...il.com, therbert@...gle.com, xiaosuo@...il.com, jesse@...ira.com, kees.cook@...onical.com, eugene@...hat.com, dan.j.rosenberg@...il.com, akpm@...ux-foundation.org Subject: Re: [PATCH] don't allow CAP_NET_ADMIN to load non-netdev kernel modules From: Vasiliy Kulikov <segoon@...nwall.com> Date: Sun, 27 Feb 2011 14:44:38 +0300 > Then the things are still broken - a user has to update modprobe > together with the kernel, otherwise the updated kernel would call > "modprobe" with unsupported argument and even "sit0" wouldn't work. The capability bits get passed on the modprobe command line. The module loading system call in the kernel inspects the command line looking for the argument, and uses it to validate the module load by comparing the mask with the special ELF section. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists