I: kmod vs module-init-tools: modprobe security regression

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

The new edition of modprobe provided by kmod, unlike the old one from
module-init-tools, doesn't honour blacklist by default when processing
aliases.

Back in 2005, when blacklist support in modprobe was first added for
module-init-tools, it was implemented that way deliberately:
http://lkml.org/lkml/2005/5/11/74

Since 2005 the feature became quite popular.  In particular, it is used
as a method to "unalias" all kinds of aliases for the given module.
I'm aware of many default configurations where such constructs as
"alias net-pf-3 off" were rewritten as "blacklist ax25".
Unfortunately, these configurations not just break with migration from
module-init-tools to kmod, but also introduce a vulnerability: an
unprivileged user can use socket(2) syscall to make the kernel load
various modules implementing rare network protocols which used to be
blacklisted.  Some of these modules had various security bugs in the past
(like CVE-2009-2909 in ax25 mentioned above), and are likely to be less
audited than more widespread network protocols, so unguarded access to
these modules poses a security risk.

What I'd like to know is what was the rationale for the change in modprobe
behaviour and how do you propose to deal with the security regression it
introduced?


-- 
ldv

Attachment: pgpfRckpnkrVY.pgp
Description: PGP signature


[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux