tech-kern archive


Re: kernel module loading vs securelevel



On Sat, Oct 16, 2010 at 05:07:30AM -0700, Paul Goyette wrote:
 > autoload/autounload does NOT perform any authorization checks -
 > please look at the code!  No checking of securelevel occurs, as far
 > as I can see.  For autoload, the module name must not contain a
 > '/', so if the module is being loaded from the file system it must
 > be loaded from the "blessed" /stand/${ARCH}/${VERSION}/modules
 > directory.  Including the INSECURE option will have no effect on
 > autoloading of modules.

If this is true it makes securelevel useless; all you need to do is
put a hostile module in the right place and cause it to be autoloaded.
(Remember the point of securelevel is that even root can't lower it.)

It should be sufficient, I think, to check at boot time that any
module that can be autoloaded is marked immutable.

-- 
David A. Holland
dholland%netbsd.org@localhost
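
An added example, not part of the original message and not NetBSD code: a userland audit of the check proposed above, walking a module directory and reporting every entry that lacks the immutable flag. It assumes "immutable" means the system immutable flag (schg, `SF_IMMUTABLE`), and it goes beyond the message by also checking directories, since a mutable directory allows a new module to be added next to immutable ones. The function names are hypothetical, and the module directory is passed as an argument.

```python
import os
import stat
import sys


def flags_of(path):
    """BSD file flags of path, not following symlinks (0 where st_flags is unavailable)."""
    return getattr(os.lstat(path), "st_flags", 0)


def audit_module_tree(root, get_flags=flags_of):
    """Return the sorted paths under root (root included) that lack SF_IMMUTABLE.

    Assumption: the user immutable flag (uchg) does not count, because its
    owner can clear it; only the system flag is treated as "immutable" here.
    """
    def immutable(path):
        return bool(get_flags(path) & stat.SF_IMMUTABLE)

    missing = [] if immutable(root) else [root]
    for dirpath, dirnames, filenames in os.walk(root):
        # Directories are checked as well as files: a mutable directory
        # accepts new entries even when every existing file is immutable.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not immutable(path):
                missing.append(path)
    return sorted(missing)


if __name__ == "__main__":
    # argv[1]: the expanded module directory, e.g. the
    # /stand/${ARCH}/${VERSION}/modules path named in the quoted message.
    not_immutable = audit_module_tree(sys.argv[1])
    for p in not_immutable:
        print("not schg:", p)
    sys.exit(1 if not_immutable else 0)
```
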

