Hi Dmitry On Tue, Aug 14, 2012 at 5:56 PM, Dmitry V. Levin <ldv@xxxxxxxxxxxx> wrote: > Hi, > > The new edition of modprobe provided by kmod, unlike the old one from > module-init-tools, doesn't honour blacklist by default when processing > aliases. > > Back in 2005, when blacklist support in modprobe was first added for > module-init-tools, it was implemented that way deliberately: > http://lkml.org/lkml/2005/5/11/74 > > Since 2005 the feature became quite popular. In particular, it is used > as a method to "unalias" all kinds of aliases for the given module. > I'm aware of many default configurations where such constructs as > "alias net-pf-3 off" were rewritten as "blacklist ax25". > Unfortunately, these configurations not just break with migration from > module-init-tools to kmod, but also introduce a vulnerability: an > unprivileged user can use socket(2) syscall to make the kernel load > various modules implementing rare network protocols which used to be > blacklisted. Some of these modules had various security bugs in the past > (like CVE-2009-2909 in ax25 mentioned above), and are likely to be less > audited than more widespread network protocols, so unguarded access to > these modules poses a security risk. > > What I'd like to know is what was the rationale for the change in modprobe What's the change? > behaviour and how do you propose to deal with the security regression it > introduced? there shouldn't be a change in behaviour. Could you provide an example the results are different and if possible add it to testsuite/test-blacklist.c? thanks Lucas De Marchi -- To unsubscribe from this list: send the line "unsubscribe linux-modules" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
