Source-Changes archive


re: CVS commit: src/sys/kern



   
   >    Module Name:    src
   >    Committed By:   ad
   >    Date:           Fri Nov 14 22:00:23 UTC 2008
   >    
   >    Modified Files:
   >            src/sys/kern: subr_kobj.c
   >    
   >    Log Message:
   >    Use NOCHROOT when doing the lookup against the standard module path.
   >    Prevents abuse of chroots to load tainted kernel modules.
   > 
   > 
   > this also prevents the use of them to load untainted kernel modules.
   
   You can load them manually as root. It prevents autoload within the chroot.

hmmm.  given your syscall autoload mechanism, i think this is
probably the right idea -- it means that if a chroot user
performs a syscall that needs to be autoloaded (or any sort
of operation to trigger autoload) then the modules should come
from the root fs, not the chroot.  right?
    
   > how does this interact with sysctl init.chroot?
   
   It doesn't, should it?

i am wondering if it means that after init.chroot has switched
the path to the real /, the module autoloader won't work anymore
and will only find modules present in the now hidden ramdisk /.


.mrg.

