NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/45235: GENERIC can not have options MODULAR on sane archs
The following reply was made to PR kern/45235; it has been noted by GNATS.
From: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: tsutsui%ceres.dti.ne.jp@localhost
Subject: Re: kern/45235: GENERIC can not have options MODULAR on sane archs
Date: Wed, 10 Aug 2011 18:44:24 +0900
> - Create a security model where module auto loading is controlled
> differently
> (how?)
We can allow autoload (not by modload) even if securelevel > 0
but I don't have any security considerations...
---
Izumi Tsutsui
Index: sys/secmodel/securelevel/secmodel_securelevel.c
===================================================================
RCS file: /cvsroot/src/sys/secmodel/securelevel/secmodel_securelevel.c,v
retrieving revision 1.20
diff -u -p -r1.20 secmodel_securelevel.c
--- sys/secmodel/securelevel/secmodel_securelevel.c 7 Oct 2009 01:06:57
-0000 1.20
+++ sys/secmodel/securelevel/secmodel_securelevel.c 10 Aug 2011 09:42:08
-0000
@@ -254,7 +254,7 @@ secmodel_securelevel_system_cb(kauth_cre
break;
case KAUTH_SYSTEM_MODULE:
- if (securelevel > 0)
+ if ((uintptr_t)arg2 == 0 && securelevel > 0)
result = KAUTH_RESULT_DENY;
break;
Home |
Main Index |
Thread Index |
Old Index