Re: kernel module loading vs securelevel

[Paul Goyette <paul%whooppee.com@localhost>]

On Sat, 16 Oct 2010, John Nemeth wrote:

>     sys/kern/kern_module.c:module_autoload() makes almost the exact
> same call to kauth_authorize_system as does module_load().  The
> difference is that the second last parm is (void *)(uintptr_t)1.  What
> difference this makes is going to be buried in the bowels of kauth, and
> I'm not going to dig through that at this moment.

Hmmm, missed that one.  You're right.

The arg is, I think, the one that gets passsed to the kauth listener as 
arg2, which should cause us to return KAUTH_RESULT_ALLOW for autoload:

static int
module_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
    void *arg0, void *arg1, void *arg2, void *arg3)
{
        int result;

        result = KAUTH_RESULT_DEFER;

        if (action != KAUTH_SYSTEM_MODULE)
                return result;

        if ((uintptr_t)arg2 != 0)       /* autoload */
                result = KAUTH_RESULT_ALLOW;

        return result;
}



> }-- End of excerpt from Paul Goyette
>
> !DSPAM:4cb9cb6e2431088414278!

-------------------------------------------------------------------------
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |                          | pgoyette at netbsd.org  |
-------------------------------------------------------------------------