Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Nov 2017 09:31:18 +1100 (AEDT)
From: James Morris <>
To: David Miller <>
Subject: Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure

On Tue, 28 Nov 2017, David Miller wrote:

> From: Linus Torvalds <>
> Date: Mon, 27 Nov 2017 10:41:30 -0800
> > What are the real life use-cases for normal users having modules
> > auto-load?
> User opens SCTP socket, SCTP protocol module loads.
> People build test cases via namespaces, and in that namespaces normal
> users can setup virtual tunnel devices themselves, and those configure
> operations can bring the tunnel module in.

What about implementing a white list of modules which are able to be 
loaded by unprivileged users?

Then, Linus' solution would look something like:

	va_start(args, fmt);
	ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);

	if (WARN_ON_ONCE(!capable(CAP_SYS_MODULE) ||
                         !capable(CAP_SYS_ADMIN) ||
                         !capable(CAP_NET_ADMIN) ||
		return -EPERM;

James Morris

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.