Received: by 10.223.164.202 with SMTP id h10csp584116wrb; Thu, 30 Nov 2017 04:23:09 -0800 (PST) X-Google-Smtp-Source: AGs4zMYBdeZkY3xrXfOLFVRL17aVk0X2PB2d4AFopAiOVJ8+gm7l4f4++30uPuhwXRyL8CPf4Mlb X-Received: by 10.84.131.35 with SMTP id 32mr2400727pld.347.1512044589500; Thu, 30 Nov 2017 04:23:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044589; cv=none; d=google.com; s=arc-20160816; b=Q2by0Elm9Q27lsiJx0IF1vd8zVTQuDh0I/sTWleCN5omSJUqg6icNVYMK0Ib96vw30 +oiR+dYrEpJJEoXQ283rqE3en3QSRe4lG4X2lYPtWUY7shGvtHCUkqlhrxPTJgWvsLJx CljACFsteCaapFHqNexqH56Ryla6AP2RBMm/Iy8vhNR5E7Cos2Kl39OiI7auGIQ+0PyE FYUAmLu/ZKlwyon5hrMiVOuK+N4F4DEtbZCRO4DDWV6l3gBxXaqZoDjWBSeTFHkR40v3 j3Odr0sQkcnqgAE2W3ZrXLTqTpOXcpdaU1G6eimIkL3NNx9yfcoOSTvjCHZDofpqAglU Lp1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=jEN6TnAHe62hr2ddG8wPx3kp9s+Rfored5SlQ0/LsgU=; b=FuYWERqXdLJITj7r809aWApUVS45BMqLrv5rU3dle3GfP/Bp5b/aQwHscb+0IGm/QK lTcLdUDHegF/RPPlWJ7BaSOiQPUkN6CvuE+X69IdPxv6GQ0afhwozG/3N9izoY5a+uZe XR1fqVBd5U/jBWr7mm+Tha+lJSKpwBAoLpclJHBIJaU34/ykFEk1jPr6Aycxr+PisQ4m 9nUSY1/vio/IdJhEV8Nn0qnVE7orISVBaS0Z4EybGeiBuawIu9dBt7CK/z9QlCgtGqFL chXgX6Pf4t/IBz8WvhntCAEw1okraxrfhjcZjv0hCag2iw3LUEJQoumMtzzPyFFoBSfb bc2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Yxw9Da37; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j4si3009642plb.812.2017.11.30.04.22.55; Thu, 30 Nov 2017 04:23:09 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Yxw9Da37; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752708AbdK3MWJ (ORCPT + 99 others); Thu, 30 Nov 2017 07:22:09 -0500 Received: from mail-qt0-f194.google.com ([209.85.216.194]:34067 "EHLO mail-qt0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751157AbdK3MWG (ORCPT ); Thu, 30 Nov 2017 07:22:06 -0500 Received: by mail-qt0-f194.google.com with SMTP id 33so8476029qtv.1; Thu, 30 Nov 2017 04:22:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jEN6TnAHe62hr2ddG8wPx3kp9s+Rfored5SlQ0/LsgU=; b=Yxw9Da3709X0TKIZ6A6AUWSZWJvd5GQl8RGYwDAMF1i6thpc4sggbRboNI7IDp9BXz dfHoAyil6z7UlCdqWwHUKIuLpdKNIo60vxx8NZECMfyckKnsDWA8nJSDz+upLfdkcFPm YAES87NECGNOV8CGXcbhIE+1ttrcwN8a7UyEm55AN6mHG2oP4GLQ/eKslNSZbFzUiDmD kGNDtnPIBYOepfcBbpEYvebBUivuUohjxZJZwtvxVS0TB42yTrGMflsIgB8MMLCu/w/1 VE5O+/gqtp37GoRliviHBvy9GbKx3y3BNrkC69VMZEoU81HlhyH+GJgVMj2+IoprF8FY ijng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jEN6TnAHe62hr2ddG8wPx3kp9s+Rfored5SlQ0/LsgU=; b=gPOeWx/XRwEQGIEYzXPK2nvmevePNxsq6ixA81vAh2KdhVHTqNR+YX1X2KFc8dh0ra mXqfu5O89gWlg8LxiwBl6f8Lr8YTKk2GycPxstW+mr660Q0tH+f6K32j65oVx28/SAnq T68nfnAU0knJry7MTzjuEcmEWladx8hvMGxt3oVLSi+fvR80MCq3oZAgdZL5c6vO7xFT EkCfjrLoAJE8D6GevMrlxJxfK6xBsE3Wpjf4szSaUkuwXyU/xEaCOV9iKrNDqsVrAR6p QrjVcA7V5MRm/EKVbbS7kPoM1ZrVhSxmguH9S+0tpFOJmy42SvjFlKk50JeSGrE3b8DX q3eg== X-Gm-Message-State: AKGB3mI81E4ZNTccOMDRY+XheAN87xewbXvsUlqGnPOivzuzW86AOj5g l8Ok0bd6HmckBXt622oypNHDxgdAUaI7nD9iEKI= X-Received: by 10.237.61.243 with SMTP id j48mr3355971qtf.52.1512044525836; Thu, 30 Nov 2017 04:22:05 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.31.132 with HTTP; Thu, 30 Nov 2017 04:22:05 -0800 (PST) In-Reply-To: <20171130012324.GZ729@wotan.suse.de> References: <1511803118-2552-1-git-send-email-tixxdz@gmail.com> <1511803118-2552-4-git-send-email-tixxdz@gmail.com> <20171130012324.GZ729@wotan.suse.de> From: Djalal Harouni Date: Thu, 30 Nov 2017 13:22:05 +0100 Message-ID: Subject: Re: [PATCH v5 next 3/5] modules:capabilities: automatic module loading restriction To: "Luis R. Rodriguez" Cc: Kees Cook , Andy Lutomirski , Andrew Morton , James Morris , Ben Hutchings , Solar Designer , Serge Hallyn , Jessica Yu , Rusty Russell , linux-kernel , LSM List , kernel-hardening@lists.openwall.com, Jonathan Corbet , Ingo Molnar , "David S. Miller" , Network Development , Peter Zijlstra , Linus Torvalds Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 30, 2017 at 2:23 AM, Luis R. Rodriguez wrote: > On Mon, Nov 27, 2017 at 06:18:36PM +0100, Djalal Harouni wrote: >> diff --git a/include/linux/module.h b/include/linux/module.h >> index 5cbb239..c36aed8 100644 >> --- a/include/linux/module.h >> +++ b/include/linux/module.h >> @@ -261,7 +261,16 @@ struct notifier_block; >> >> #ifdef CONFIG_MODULES >> >> -extern int modules_disabled; /* for sysctl */ >> +enum { >> + MODULES_AUTOLOAD_ALLOWED = 0, >> + MODULES_AUTOLOAD_PRIVILEGED = 1, >> + MODULES_AUTOLOAD_DISABLED = 2, >> +}; >> + > > Can you kdocify these and add a respective rst doc file? Maybe stuff your > extensive docs which you are currently adding to > Documentation/sysctl/kernel.txt to this new file and in kernel.txt just refer > to it. This way this can be also nicely visibly documented on the web with the > new sphinx. > > This way you can take advantage of the kdocs you are already adding and refer > to them. Alright I'll do it in the next series next week, we'll change the semantics as requested by Linus and Kees here: http://www.openwall.com/lists/kernel-hardening/2017/11/29/38 To block the privilege escalation through the usermod helper. >> diff --git a/kernel/sysctl.c b/kernel/sysctl.c >> index 2fb4e27..0b6f0c8 100644 >> --- a/kernel/sysctl.c >> +++ b/kernel/sysctl.c >> @@ -683,6 +688,15 @@ static struct ctl_table kern_table[] = { >> .extra1 = &one, >> .extra2 = &one, >> }, >> + { >> + .procname = "modules_autoload_mode", >> + .data = &modules_autoload_mode, >> + .maxlen = sizeof(int), >> + .mode = 0644, >> + .proc_handler = modules_autoload_dointvec_minmax, > > It would seem this is a unint ... so why not reflect that? > >> @@ -2499,6 +2513,20 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, >> } >> #endif >> >> +#ifdef CONFIG_MODULES >> +static int modules_autoload_dointvec_minmax(struct ctl_table *table, int write, >> + void __user *buffer, size_t *lenp, loff_t *ppos) >> +{ >> + /* >> + * Only CAP_SYS_MODULE in init user namespace are allowed to change this >> + */ >> + if (write && !capable(CAP_SYS_MODULE)) >> + return -EPERM; >> + >> + return proc_dointvec_minmax(table, write, buffer, lenp, ppos); >> +} >> +#endif > > We now have proc_douintvec_minmax(). > Yes, however in that same response by Linus it was suggested to drop the sysctl completely, so next iterations will not have this code. Thank you for the review! -- tixxdz From 1585452200764666198@xxx Thu Nov 30 01:24:03 +0000 2017 X-GM-THRID: 1585240680478921556 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread