Date: Tue, 28 Nov 2017 10:44:52 +1100 (AEDT)
From: James Morris
To: Kees Cook
cc: Linus Torvalds, David Miller, Djalal Harouni, Andy Lutomirski, Andrew Morton, "Luis R. Rodriguez", Ben Hutchings, Solar Designer, "Serge E. Hallyn", Jessica Yu, Rusty Russell, LKML, linux-security-module, kernel-hardening@lists.openwall.com, Jonathan Corbet, Ingo Molnar, Network Development, Peter Zijlstra
Subject: Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 27 Nov 2017, Kees Cook wrote:

> > if (WARN_ON_ONCE(!capable(CAP_SYS_MODULE) ||
> >                  !capable(CAP_SYS_ADMIN) ||
> >                  !capable(CAP_NET_ADMIN) ||
> >                  !unprivileged_autoload(module_name)))

(Side note: the capable() calls would ideally come after the whitelist
check).

> We have some of this already with the module prefixes. Doing this
> per-module would need to be exported to userspace, I think. It'd be
> way too fragile sitting in the kernel.

What about writing a whitelist to /proc (per-task) or /sys/fs (global)?

The per-task whitelist is inherited from the global one by default, or
from a parent process if it's been modified in the parent.

-- 
James Morris
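
A user-space C model of the proposal in the message above, added here as an illustration; it is not code from the thread or from the kernel. It keeps the quoted condition's logic but evaluates the whitelist before the capability checks, and models a per-task list that follows the global one until it is written and is then copied to children. The struct and function names, the extra task argument to unprivileged_autoload(), the single boolean standing in for the three capable() calls, and the module names "tun" and "dccp" are assumptions made for the example.

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define WL_MAX 8
struct whitelist { const char *names[WL_MAX]; size_t n; };
struct task {
    bool has_own;          /* false: follow the global list */
    struct whitelist own;  /* per-task list, valid when has_own is set */
    bool caps;             /* stand-in for the three capable() results */
};
static struct whitelist global_wl = { { "tun" }, 1 };  /* models the global (/sys/fs) list */
static unsigned capable_calls;                         /* how often capable() was reached */

/* Models a write to the per-task (/proc) list. */
static void task_wl_set(struct task *t, const struct whitelist *wl)
{
    t->own = *wl;
    t->has_own = true;
}
/* fork(): a list modified in the parent is copied into the child. */
static struct task task_fork(const struct task *parent) { return *parent; }

/* Hypothetical signature: the quoted call takes only module_name. */
static bool unprivileged_autoload(const struct task *t, const char *name)
{
    const struct whitelist *wl = t->has_own ? &t->own : &global_wl;
    for (size_t i = 0; i < wl->n; i++)
        if (strcmp(wl->names[i], name) == 0)
            return true;
    return false;
}
static bool capable_sim(const struct task *t) { capable_calls++; return t->caps; }

/* Whitelist check first: on a miss, && short-circuits before capable(). */
static bool may_autoload(const struct task *t, const char *name)
{
    return unprivileged_autoload(t, name) && capable_sim(t);
}

int main(void)
{
    struct task parent = { .caps = true }, child;
    struct whitelist w = { { "dccp" }, 1 };
    task_wl_set(&parent, &w);
    child = task_fork(&parent);
    printf("child: tun=%d\n", may_autoload(&child, "tun"));
    printf("child: dccp=%d\n", may_autoload(&child, "dccp"));
    return 0;
}
```

Whether a task that has not written its own list should track later changes to the global list, as it does in this model, is not specified in the message.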