Hi, The new edition of modprobe provided by kmod, unlike the old one from module-init-tools, doesn't honour blacklist by default when processing aliases. Back in 2005, when blacklist support in modprobe was first added for module-init-tools, it was implemented that way deliberately: http://lkml.org/lkml/2005/5/11/74 Since 2005 the feature became quite popular. In particular, it is used as a method to "unalias" all kinds of aliases for the given module. I'm aware of many default configurations where such constructs as "alias net-pf-3 off" were rewritten as "blacklist ax25". Unfortunately, these configurations not just break with migration from module-init-tools to kmod, but also introduce a vulnerability: an unprivileged user can use socket(2) syscall to make the kernel load various modules implementing rare network protocols which used to be blacklisted. Some of these modules had various security bugs in the past (like CVE-2009-2909 in ax25 mentioned above), and are likely to be less audited than more widespread network protocols, so unguarded access to these modules poses a security risk. What I'd like to know is what was the rationale for the change in modprobe behaviour and how do you propose to deal with the security regression it introduced? -- ldv
Attachment:
pgpfRckpnkrVY.pgp
Description: PGP signature