On 21 November 2014 02:05, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> This prefixes all crypto module loading with "crypto-" so we never run
> the risk of exposing module auto-loading to userspace via a crypto API,
> as demonstrated by Mathias Krause:
>
> https://lkml.org/lkml/2013/3/4/70
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
> [...]

Looks good so far, but unfortunately does not solve the problem
completely (af_alg_mod from the link above):

bbox:~# cat /sbin/modlog
#!/bin/sh
exec 1>/tmp/modlog.$$
echo "CMD: $0 $*"
echo "ENV: "
env
exec /sbin/modprobe "$@"
bbox:~# echo /sbin/modlog > /proc/sys/kernel/modprobe
bbox:~# lsmod | grep fat
bbox:~# af_alg_mod 'vfat(blowfish)'
bbox:~# grep CMD /tmp/modlog.*
/tmp/modlog.257:CMD: /sbin/modlog -q -- net-pf-38
/tmp/modlog.261:CMD: /sbin/modlog -q -- algif-hash
/tmp/modlog.265:CMD: /sbin/modlog -q -- crypto-vfat(blowfish)
/tmp/modlog.268:CMD: /sbin/modlog -q -- crypto-vfat(blowfish)-all
/tmp/modlog.272:CMD: /sbin/modlog -q -- vfat
bbox:~# lsmod | grep fat
vfat                   17135  0
fat                    61984  1 vfat
bbox:~#

The last modlog call does not contain the "crypto-" prefix, therefore
happily loads the vfat module. I guess crypto templates are handled
special?

Regards,
Mathias
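The check made by eye on the grep output above can be automated when testing a kernel for this gap. The following is an added example, not part of the original mail or the patch: it reads "CMD:" lines in the format written by the /sbin/modlog wrapper shown above and reports any module requested without the "crypto-" prefix after the same name was requested with it. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original mail. Function names are hypothetical.

# The "CMD:" lines exactly as they appear in the grep output quoted in the mail.
sample_modlog() {
    cat <<'EOF'
/tmp/modlog.257:CMD: /sbin/modlog -q -- net-pf-38
/tmp/modlog.261:CMD: /sbin/modlog -q -- algif-hash
/tmp/modlog.265:CMD: /sbin/modlog -q -- crypto-vfat(blowfish)
/tmp/modlog.268:CMD: /sbin/modlog -q -- crypto-vfat(blowfish)-all
/tmp/modlog.272:CMD: /sbin/modlog -q -- vfat
EOF
}

# Reads CMD: lines on stdin. Remembers the leading name of every request that
# carries the "crypto-" prefix (the part before "(" and without a trailing
# "-all"), then prints each later request that asks for that same name bare.
# Unrelated requests such as net-pf-38 or algif-hash are never reported.
find_unprefixed_crypto_loads() {
    awk '
    /CMD:/ {
        req = $NF                        # last field is the requested alias
        if (req ~ /^crypto-/) {
            name = substr(req, 8)        # drop the "crypto-" prefix
            sub(/-all$/, "", name)       # drop the "-all" retry suffix
            sub(/\(.*/, "", name)        # keep only the name before "("
            if (name != "") prefixed[name] = 1
        } else if (req in prefixed) {
            print req                    # same name, requested without prefix
        }
    }'
}

# Run over the log from the mail.
sample_modlog | find_unprefixed_crypto_loads   # prints: vfat
```

On a system where every crypto-triggered request carries the prefix, the function prints nothing.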