NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

re: kern/45235: GENERIC can not have options MODULAR on sane archs

The following reply was made to PR kern/45235; it has been noted by GNATS.

From: matthew green <mrg%eterna.com.au@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
    netbsd-bugs%netbsd.org@localhost, martin%NetBSD.org@localhost
Subject: re: kern/45235: GENERIC can not have options MODULAR on sane archs
Date: Wed, 10 Aug 2011 19:57:40 +1000

 > The following reply was made to PR kern/45235; it has been noted by GNATS.
 > 
 > From: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
 > To: gnats-bugs%NetBSD.org@localhost
 > Cc: tsutsui%ceres.dti.ne.jp@localhost
 > Subject: Re: kern/45235: GENERIC can not have options MODULAR on sane archs
 > Date: Wed, 10 Aug 2011 18:44:24 +0900
 > 
 >  >  - Create a security model where module auto loading is controlled 
 > differently
 >  >    (how?)
 >  
 >  We can allow autoload (not by modload) even if securelevel > 0
 >  but I don't have any security considerations...
 >  ---
 >  Izumi Tsutsui
 >  
 >  Index: sys/secmodel/securelevel/secmodel_securelevel.c
 >  ===================================================================
 >  RCS file: /cvsroot/src/sys/secmodel/securelevel/secmodel_securelevel.c,v
 >  retrieving revision 1.20
 >  diff -u -p -r1.20 secmodel_securelevel.c
 >  --- sys/secmodel/securelevel/secmodel_securelevel.c 7 Oct 2009 01:06:57 
 > -0000       1.20
 >  +++ sys/secmodel/securelevel/secmodel_securelevel.c 10 Aug 2011 09:42:08 
 > -0000
 >  @@ -254,7 +254,7 @@ secmodel_securelevel_system_cb(kauth_cre
 >              break;
 >   
 >      case KAUTH_SYSTEM_MODULE:
 >  -           if (securelevel > 0)
 >  +           if ((uintptr_t)arg2 == 0 && securelevel > 0)
 >                      result = KAUTH_RESULT_DENY;
 >              break;
 
 please don't change the securelevel secmodel this way.  it could
 be an additional overlay to relax this check, but without
 significant setup, allowing this is hardly any different to
 allowing full access.
 
 the overlay should continue to reject this at securelevel > 1,
 as well, IMO.
 
 
 .mrg.
Home | Main Index | Thread Index | Old Index