tech-kern archive


Re: Don't load kernel modules from the current directory, second diff



On Dec 25,  7:20am, Marc Balmer wrote:
} Subject: Re: Don't load kernel modules from the current directory, second 
} 
} Thanks to all who replied to my initial diff.  This second version is
} better, it allows loading a module from the filesystem with either an
} absolute path starting with '/' or a relative path starting with '.'.
} So you can still load a module from the CWD using
} 
} modload ./mymodule.kmod
} 
} module_load_vfs() is changed in two ways:  When a module is loaded from
} the path given to modload, it must start with either '.' or '/'.  If a
} path is constructed to load the module from the system module area, it
} must not start with '.' or '/'.

     If you really want to beef up the security of loading from the
system module area, you should make sure there is no / anywhere in
name.  Granted, with name being added to path twice, it will be very
difficult to come up with something that will escape the system module
area and load some random module (even without your change to that
part).

} kobj_load_vfs() will only load an object with a path starting with
} either '/' or '.'
} 
}-- End of excerpt from Marc Balmer
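
The path rules discussed in this thread, together with the reply's suggestion to reject any '/' in a bare module name, as an added C example; it is not NetBSD's code or the diff under discussion. `resolve_module`, `MODULE_AREA` and the `<area>/<name>/<name>.kmod` layout (inferred from the remark that name is added to the path twice) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical placeholder for the system module area; not a real NetBSD path. */
#define MODULE_AREA "/MODULE_AREA"

enum load_kind { LOAD_REJECT = 0, LOAD_EXPLICIT_PATH, LOAD_SYSTEM_AREA };

/*
 * Classify a modload argument using the rules from the thread:
 *  - starts with '/' or '.': an explicit filesystem path, used verbatim
 *  - otherwise: a bare module name, resolved inside the system module area;
 *    following the reply, it is rejected if '/' appears anywhere in it.
 * On success the path that would be opened is written to out.
 */
enum load_kind
resolve_module(const char *arg, char *out, size_t outlen)
{
	int n;

	if (arg == NULL || arg[0] == '\0')
		return LOAD_REJECT;
	if (arg[0] == '/' || arg[0] == '.') {
		n = snprintf(out, outlen, "%s", arg);
		return (n < 0 || (size_t)n >= outlen) ? LOAD_REJECT : LOAD_EXPLICIT_PATH;
	}
	if (strchr(arg, '/') != NULL)
		return LOAD_REJECT;	/* a bare name must be a single component */
	/* The name appears twice in the constructed path (assumed layout). */
	n = snprintf(out, outlen, "%s/%s/%s.kmod", MODULE_AREA, arg, arg);
	return (n < 0 || (size_t)n >= outlen) ? LOAD_REJECT : LOAD_SYSTEM_AREA;
}

int
main(void)
{
	/* Constructed sample arguments. */
	const char *samples[] = { "./mymodule.kmod", "/tmp/x.kmod", "mymodule", "a/../../b", "" };
	char path[256];

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		enum load_kind k = resolve_module(samples[i], path, sizeof(path));
		printf("%-16s -> %s %s\n", samples[i],
		    k == LOAD_REJECT ? "reject" : k == LOAD_EXPLICIT_PATH ? "path" : "system",
		    k == LOAD_REJECT ? "" : path);
	}
	return 0;
}
```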

