tech-kern archive


Re: kernel module loading vs securelevel



On Sat, 16 Oct 2010, Izumi Tsutsui wrote:

Hmm, what do you think about this feature?
Only available in INSECURE environment?

We trust modules at the time when they're installed into the trusted
place, same as kernel itself.  I think prohibiting module load  at
run-time is rather pointless.

Well I think the point is whether we should require INSECURE or not
to use module autoload/autounload after multiuser.

If we should I'll enable options INSECURE by default on ports
that require options MODULAR (to save kernel file size).

autoload/autounload does NOT perform any authorization checks - please look at the code! No checking of securelevel occurs, as far as I can see. For autoload, the module name must not contain a '/', so if the module is being loaded from the file system it must be loaded from the "blessed" /stand/${ARCH}/${VERSION}/modules directory. Including the INSECURE option will have no effect on autoloading of modules.

Manual loading and unloading of modules does involve calls to kauth_authorize_system() which will check securelevel.



-------------------------------------------------------------------------
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |                          | pgoyette at netbsd.org  |
-------------------------------------------------------------------------
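
The two load paths described in the message above, as a simplified user-space C model added here; it is not NetBSD source and not part of the original post. The function names, the error codes, the sample module name and the rule that the check refuses loads once securelevel is above 0 are assumptions of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Blessed directory as written in the message (placeholders left unexpanded). */
#define MODULE_DIR "/stand/${ARCH}/${VERSION}/modules"

/* Stand-in for the securelevel test reached through kauth_authorize_system().
 * Assumption of this model: loads are refused once securelevel is above 0. */
static int model_authorize(int securelevel)
{
    return securelevel > 0 ? EPERM : 0;
}

/* Autoload path: securelevel is never consulted. The only gate is that the
 * name has no '/', so the file can only come from MODULE_DIR. */
int model_autoload(const char *name, char *path, size_t len)
{
    int n;

    if (strchr(name, '/') != NULL)
        return EPERM;                       /* error code chosen for the model */
    n = snprintf(path, len, "%s/%s", MODULE_DIR, name);
    return (n < 0 || (size_t)n >= len) ? ENAMETOOLONG : 0;
}

/* Manual path: any path is accepted, but only after authorization. */
int model_manual_load(const char *path, int securelevel)
{
    (void)path;                             /* the model does not open the file */
    return model_authorize(securelevel);
}

int main(void)
{
    char path[128];
    int sl = 1;                             /* constructed: multiuser securelevel */

    printf("autoload ffs       -> %d\n", model_autoload("ffs", path, sizeof path));
    printf("autoload ../x      -> %d\n", model_autoload("../x", path, sizeof path));
    printf("manual, level %d    -> %d\n", sl, model_manual_load("/tmp/x.kmod", sl));
    printf("manual, level 0    -> %d\n", model_manual_load("/tmp/x.kmod", 0));
    return 0;
}
```

In this model the trust decision for autoload rests entirely on who can write to the blessed directory, which is why a securelevel-related kernel option does not change its outcome.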

