Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754699Ab0KHLeL (ORCPT ); Mon, 8 Nov 2010 06:34:11 -0500 Received: from one.firstfloor.org ([213.235.205.2]:45722 "EHLO one.firstfloor.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754465Ab0KHLeK (ORCPT ); Mon, 8 Nov 2010 06:34:10 -0500 From: Andi Kleen To: 7eggert@gmx.de Cc: Dan Rosenberg , security@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH RFC] Restrictions on module loading References: Date: Mon, 08 Nov 2010 12:34:07 +0100 In-Reply-To: (Bodo Eggert's message of "Mon, 08 Nov 2010 09:30:50 +0100") Message-ID: <87zktkqcb4.fsf@basil.nowhere.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 554 Lines: 16 Bodo Eggert <7eggert@web.de> writes: > > - What about task switches or work queues? That's indeed a problem. All request_module()s would need auditing and if there's any triggered from a workqueue a new interface that passes the credentials around. -Andi -- ak@linux.intel.com -- Speaking for myself only. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/