Re: CVS commit: src/sys/kern

[Andrew Doran <ad%netbsd.org@localhost>]

On Sat, Nov 22, 2008 at 09:29:41AM +1100, matthew green wrote:

>    >    Module Name:  src
>    >    Committed By: ad
>    >    Date:         Fri Nov 14 22:00:23 UTC 2008
>    >    
>    >    Modified Files:
>    >          src/sys/kern: subr_kobj.c
>    >    
>    >    Log Message:
>    >    Use NOCHROOT when doing the lookup against the standard module path.
>    >    Prevents abuse of chroots to load tainted kernel modules.
>    > 
>    > 
>    > this also prevents the use of them to load untainted kernel modules.
>    
>    You can load them manually as root. It prevents autoload within the chroot.
> 
> hmmm.  given your syscall autoload mechanism, i think this is
> probably the right idea -- it means that if a chroot user
> performs a syscall that needs to be autoloaded (or any sort
> of operation to trigger autoload) then the modules should come
> from the root fs, not the chroot.  right?

Right.
     
>    > how does this interact with sysctl init.chroot?
>    
>    It doesn't, should it?
> 
> i am wondering if it means that after init.chroot has switched
> the path to the real /, the module autoloader won't work anymore
> and will only find modules present in the now hidden ramdisk /.

It sounds like it should be paying attention to init.chroot then. The
namei() flag may be a crap way to handle it. What it signifies is: the
kernel is doing this lookup for something the kernel wants, the user is not
doing the lookup. It might be better to use proc0's cwd for this rather than
special casing every instance, I'll have a look.

Thanks,
Andrew