On Sat, 16 Oct 2010, Izumi Tsutsui wrote:
>> autoload/autounload does NOT perform any authorization checks - please look at the code! No checking of securelevel occurs, as far as I can see. For autoload, the module name must not contain a '/', so if the module is being loaded from the file system it must be loaded from the "blessed" /stand/${ARCH}/${VERSION}/modules directory. Including the INSECURE option will have no effect on autoloading of modules.
>
> Hmm. I built MODULAR kernels on news68k and sun3 (which didn't have INSECURE) but I couldn't use TMPFS or execute a.out binaries on multiuser though they worked after shutdown(8) or on single user. The code doesn't work as intended and we should just fix it?

Hmmm. Maybe I am reading the code wrong. But the intent of the code seems to be quite clear. The manual load explicitly calls kauth_...() while the auto-load path does not make any such call.
Perhaps there is an additional authorization call in kobj_load_vfs() (which does the actual loading). A quick grep of subr_kobj*.c for kauth_ does not reveal anything obvious.
Could you rerun your testing after setting sysctl kern.module.verbose? This should provide extra kernel debug printf() messages...

-------------------------------------------------------------------------
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |                          | pgoyette at netbsd.org  |
-------------------------------------------------------------------------