Date: Tue, 20 Dec 2016 11:48:46 +0100 From: Greg KH <gregkh@...uxfoundation.org> To: Jiri Kosina <jikos@...nel.org> Cc: NeilBrown <neilb@...e.com>, kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org Subject: Re: [RFC 0/4] make call_usermodehelper a bit more "safe" On Tue, Dec 20, 2016 at 11:31:57AM +0100, Jiri Kosina wrote: > On Tue, 20 Dec 2016, Jiri Kosina wrote: > > > I stay totally unconvinced that such kind of countermeasure brings any > > value whatsoever. Could you please bring up a particular usecase, where > > you have complete control over kernel memory, and still the only > > possible exploit factor is redirecting usermodhelper? It feels like > > rather random shot into darkness. > > If we want to make usermod helper really secure, perhaps the best way to > go would be to completely nuke it and handle everyhting in udev; that'd be > quite some work though, especially so that we don't break all the corner > cases of module autoloading (request_module() and such). In talking about this with others, I like Neil's approach of just calling out to a statically-defined single binary to handle all of the specifics. Using something like busybox/toybox to handle any usermode helper issues would be a very simple way to deal with this on a large number of systems (i.e. embedded devices / phones / chromebooks). After I return from vacation, I'll respin this series based on that idea and repost it. thanks, greg k-h
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.