tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kernel module loading vs securelevel

On Sat, 16 Oct 2010, John Nemeth wrote:

    sys/kern/kern_module.c:module_autoload() makes almost the exact
same call to kauth_authorize_system as does module_load().  The
difference is that the second last parm is (void *)(uintptr_t)1.  What
difference this makes is going to be buried in the bowels of kauth, and
I'm not going to dig through that at this moment.

Hmmm, missed that one.  You're right.

The arg is, I think, the one that gets passsed to the kauth listener as arg2, which should cause us to return KAUTH_RESULT_ALLOW for autoload:

static int
module_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
    void *arg0, void *arg1, void *arg2, void *arg3)
        int result;

        result = KAUTH_RESULT_DEFER;

        if (action != KAUTH_SYSTEM_MODULE)
                return result;

        if ((uintptr_t)arg2 != 0)       /* autoload */
                result = KAUTH_RESULT_ALLOW;

        return result;

}-- End of excerpt from Paul Goyette


| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at |
| Kernel Developer |                          | pgoyette at  |

Home | Main Index | Thread Index | Old Index