Subject: Re: lkm problems...
To: Mike Long <mike.long@analog.com>
From: matthew green <mrg@mame.mu.OZ.AU>
List: current-users
Date: 11/22/1995 13:41:27
>Date: Tue, 21 Nov 1995 02:26:51 -0500
>From: Frank Dana <danaf@cs.rpi.edu>
>The only problem I had, other than needing to hack the code a little, is
>that I _could_not_ do the modload from within multi-user mode. Even su'd
>to root on the console, I got an erro from modload that it "could not
>allocate memory: Operation mnot permitted." after which it did an exit(9);
This is a security feature. You don't want random lusers loading LKMs
because LKMs can do _anything_ to kernel internals.
It seems strange that it's failing even when you su to root, though.
Maybe the LKM driver is checking the ruid when it should be checking
the euid? Look for the UID check in /sys/kern/kern_lkm.c.
no, this is correct:
there is _no_ point in having securelevel > 0 if you allow LKM's to
be loaded at the same time. the LKM could lower the securelevel of
the running system -- thus making LKM's available with securelevel > 0
it is possible, outside of the 'normal' course (init) to lower
securelevel.
there are a _LOT_ of other things that need to be done, in addition to
this, to make it worth the bother of having securelevel > 0.
(i use defeat-securelevel.o, which does indeed lower securelevel).
.mrg.