[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
re: kern/45235: GENERIC can not have options MODULAR on sane archs
> The following reply was made to PR kern/45235; it has been noted by GNATS.
> From: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
> To: gnats-bugs%NetBSD.org@localhost
> Cc: tsutsui%ceres.dti.ne.jp@localhost
> Subject: Re: kern/45235: GENERIC can not have options MODULAR on sane archs
> Date: Wed, 10 Aug 2011 18:44:24 +0900
> > - Create a security model where module auto loading is controlled
> > (how?)
> We can allow autoload (not by modload) even if securelevel > 0
> but I don't have any security considerations...
> Izumi Tsutsui
> Index: sys/secmodel/securelevel/secmodel_securelevel.c
> RCS file: /cvsroot/src/sys/secmodel/securelevel/secmodel_securelevel.c,v
> retrieving revision 1.20
> diff -u -p -r1.20 secmodel_securelevel.c
> --- sys/secmodel/securelevel/secmodel_securelevel.c 7 Oct 2009 01:06:57
> -0000 1.20
> +++ sys/secmodel/securelevel/secmodel_securelevel.c 10 Aug 2011 09:42:08
> @@ -254,7 +254,7 @@ secmodel_securelevel_system_cb(kauth_cre
> case KAUTH_SYSTEM_MODULE:
> - if (securelevel > 0)
> + if ((uintptr_t)arg2 == 0 && securelevel > 0)
> result = KAUTH_RESULT_DENY;
please don't change the securelevel secmodel this way. it could
be an additional overlay to relax this check, but without
significant setup, allowing this is hardly any different to
allowing full access.
the overlay should continue to reject this at securelevel > 1,
as well, IMO.
Main Index |
Thread Index |