tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kernel module loading vs securelevel

If I remember correctly, autoload bypasses the authorization calls within the module subsystem. Autoload also works ONLY for modules that are either built-in, passed by the bootloader, or located in the "official" directory; autoloading from the filesystem is prohibited if the pathname contains any '/'.

On Sat, 16 Oct 2010, Izumi Tsutsui wrote:

XXX: module files can be loaded only on single user?

It looks kernel modules can't be loaded on multi user,
i.e. if kernel securelevel is 1, unless options INSECURE is specified.

i386 has options INSECURE by default so it just works,
but is it intended feature?

It would seem to be intentional.  After all, kernel modules can
do all sorts of nasty things if they want to.

In that case, module autoload/autounload is not functional at all and
we have to specify all possible necessary modules explicitly
during boot time??

Izumi Tsutsui


| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at |
| Kernel Developer |                          | pgoyette at  |

Home | Main Index | Thread Index | Old Index