modload_03.diff, was: Don't load kernel modules from the current directory

To: tech-kern%NetBSD.org@localhost
Subject: modload_03.diff, was: Don't load kernel modules from the current directory
From: Marc Balmer <mbalmer%NetBSD.org@localhost>
Date: Fri, 05 Aug 2011 08:31:18 +0200

This is the third iteration of the patch to make kernel module loading
more secure.  The only change to the previous patch is that the code,
when loading a module from /stand/... now checks that the module name
does not contain a path separator character.

modload <name> still works, but <name> must be available in the system
module area under /stand/...

To load from any other location, either an absolute path or a relative
path starting with a '.' is needed.

Comments?

Index: sys/kern/kern_module_vfs.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_module_vfs.c,v
retrieving revision 1.10
diff -u -p -r1.10 kern_module_vfs.c
--- sys/kern/kern_module_vfs.c  28 Nov 2010 00:26:38 -0000      1.10
+++ sys/kern/kern_module_vfs.c  5 Aug 2011 06:24:09 -0000
@@ -63,6 +63,7 @@ module_load_vfs(const char *name, int fl
        module_t *mod, prop_dictionary_t *filedictp)
 {
        char *path;
+       const char *p;
        bool nochroot;
        int error;
        prop_bool_t noload;
@@ -77,15 +78,26 @@ module_load_vfs(const char *name, int fl
        path = PNBUF_GET();
 
        if (!autoload) {
-               nochroot = false;
-               snprintf(path, MAXPATHLEN, "%s", name);
-               error = kobj_load_vfs(&mod->mod_kobj, path, nochroot);
+               if (*name == '/' || *name == '.') {
+                       nochroot = false;
+                       snprintf(path, MAXPATHLEN, "%s", name);
+                       error = kobj_load_vfs(&mod->mod_kobj, path, nochroot);
+               } else
+                       error = ENOENT;
        }
        if (autoload || (error == ENOENT)) {
-               nochroot = true;
-               snprintf(path, MAXPATHLEN, "%s/%s/%s.kmod",
-                   module_base, name, name);
-               error = kobj_load_vfs(&mod->mod_kobj, path, nochroot);
+               for (error = 0, p = name; *p; p++) {
+                       if (*p == '/') {
+                               error = ENOENT;
+                               break;
+                       }
+               }       
+               if (!error) {
+                       nochroot = true;
+                       snprintf(path, MAXPATHLEN, "%s/%s/%s.kmod",
+                           module_base, name, name);
+                       error = kobj_load_vfs(&mod->mod_kobj, path, nochroot);
+               }
        }
        if (error != 0) {
                PNBUF_PUT(path);
Index: sys/kern/subr_kobj_vfs.c
===================================================================
RCS file: /cvsroot/src/sys/kern/subr_kobj_vfs.c,v
retrieving revision 1.4
diff -u -p -r1.4 subr_kobj_vfs.c
--- sys/kern/subr_kobj_vfs.c    19 Nov 2010 06:44:43 -0000      1.4
+++ sys/kern/subr_kobj_vfs.c    5 Aug 2011 06:24:10 -0000
@@ -139,6 +139,10 @@ kobj_load_vfs(kobj_t *kop, const char *p
        int error;
        kobj_t ko;
 
+       KASSERT(path != NULL);
+       if (*path != '/' && *path != '.')
+               return ENOENT;
+
        cred = kauth_cred_get();
 
        ko = kmem_zalloc(sizeof(*ko), KM_SLEEP);

Follow-Ups:
- Re: modload_03.diff, was: Don't load kernel modules from the current directory
  - From: Iain Hibbert

References:
- Don't load kernel modules from the current directory
  - From: Marc Balmer

Prev by Date: Re: extended attributes and lsextattr/extattr_list_file
Next by Date: Re: modload_03.diff, was: Don't load kernel modules from the current directory
Previous by Thread: Re: Don't load kernel modules from the current directory, second diff
Next by Thread: Re: modload_03.diff, was: Don't load kernel modules from the current directory
Indexes:

Home | Main Index | Thread Index | Old Index