From: Linus Torvalds
Date: Thu, 8 Mar 2018 17:38:12 -0800
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
To: Andy Lutomirski
Cc: Kees Cook, Alexei Starovoitov, Djalal Harouni, Al Viro, "David S. Miller", Daniel Borkmann, Greg KH, "Luis R. Rodriguez", Network Development, LKML, kernel-team, Linux API
References: <20180306013457.1955486-1-ast@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 8, 2018 at 4:59 PM, Andy Lutomirski wrote:
>
> Also, I don't see how this is any more exploitable than any other
> init_module().

Absolutely. If Kees doesn't trust the files to be loaded, an executable - even if it's running with root privileges and in the initns - is still fundamentally weaker than a kernel module.

So I don't understand the security argument AT ALL. It's nonsensical. The executable loading does all the same security checks that the module loading does, including the signing check.

And the whole point is that we can now do things with building and loading an ebpf rule instead of having a full module.

Linus