2000-11-24 12:58:29

by Adam J. Richter

[permalink] [raw]
Subject: RFC: Security fix for demand loading of filesystem and network interface modules

I want to slightly change the way filesystems and network
drivers are demand loaded via request_module.

Currently, querying a nonexistant network interface named,
say, "eth0" results in a result_module call for "eth0". I want
to change that to "if-eth0". This will make it impossible for
users to pass things like "-C/my/bogus/modules.config", or to
cause the loading of legitimate but buggy module to crash the
system. The changes to modutils that Keith Owens posted address the
former problem, but not the latter, which is a pretty real possibility
given that our current builds install 786 modules. This renaming
is also useful because it will make it possible to make generic
rules for modprobe that handle names that are unrecognized but are
know to be a networking interface (for example, "if-funkylan0" might load
all relevant modules that have PCI or USB class information indicating
that they are network interfaces and which correspond to hardware that
is present).

Likewise, I want to change request_module calls that load
file system modules (in fs/supser.c and fs/fat/cvf.c) to prefix
them with "fs-".

Of course these changes will add string length checking.

Comments? Are the "fs-" and "if-" prefixes OK? (There
are currently no real modules that have names beginning with those

Adam J. Richter __ ______________ 4880 Stevens Creek Blvd, Suite 104
[email protected] \ / San Jose, California 95129-1034
+1 408 261-6630 | g g d r a s i l United States of America
fax +1 408 261-6631 "Free Software For The Rest Of Us."