Message-ID: <64a80f5e-25db-5413-ab50-fb122bc22d8c@fb.com>
Date:   Fri, 9 Mar 2018 17:43:12 -0800
From:   Alexei Starovoitov <ast@...com>
To:     Andy Lutomirski <luto@...nel.org>,
        David Miller <davem@...emloft.net>
CC:     Greg KH <gregkh@...uxfoundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Djalal Harouni <tixxdz@...il.com>,
        Al Viro <viro@...iv.linux.org.uk>,
        Daniel Borkmann <daniel@...earbox.net>,
        "Luis R. Rodriguez" <mcgrof@...nel.org>,
        Network Development <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        kernel-team <kernel-team@...com>,
        Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf
 binaries

On 3/9/18 11:37 AM, Andy Lutomirski wrote:
> On Fri, Mar 9, 2018 at 6:55 PM, David Miller <davem@...emloft.net> wrote:
>> From: Alexei Starovoitov <ast@...com>
>> Date: Fri, 9 Mar 2018 10:50:49 -0800
>>
>>> On 3/9/18 10:23 AM, Andy Lutomirski wrote:
>>>> It might not be totally crazy to back it by tmpfs.
>>>
>>> interesting. how do you propose to do it?
>>> Something like:
>>> - create /umh_module_tempxxx dir
>>> - mount tmpfs there
>>> - copy elf into it and exec it?
>>
>> I think the idea is that it's an internal tmpfs mount that only
>> the kernel has access to.
>
> That's what I was imagining.  There's precedent.  For example, there's
> a very short piece of code that does it in
> drivers/gpu/drm/i915/i915_gemfs.c.

I can do a "monkey see monkey do" approach which will look like:
type = get_fs_type("tmpfs");
fs = kern_mount(type);

/* for each request_umh("foo") */
file = shmem_file_setup_with_mnt(fs, "umh_foo");
do {
   pagecache_write_begin(file,...);
   memcpy()
   pagecache_write_end();
} while (umh_elf_size);
do_execve_file(file);
fput(file);

while keeping fs mounted forever?
is there a better way?
