Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Nov 2017 10:44:52 +1100 (AEDT)
From: James Morris <>
To: Kees Cook <>
cc: Linus Torvalds <>,
        David Miller <>, Djalal Harouni <>,
        Andy Lutomirski <>,
        Andrew Morton <>,
        "Luis R. Rodriguez" <>,
        Ben Hutchings <>,
        Solar Designer <>,
        "Serge E. Hallyn" <>, Jessica Yu <>,
        Rusty Russell <>,
        LKML <>,
        linux-security-module <>,, Jonathan Corbet <>,
        Ingo Molnar <>,
        Network Development <>,
        Peter Zijlstra <>
Subject: Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure

On Mon, 27 Nov 2017, Kees Cook wrote:

> >         if (WARN_ON_ONCE(!capable(CAP_SYS_MODULE) ||
> >                          !capable(CAP_SYS_ADMIN) ||
> >                          !capable(CAP_NET_ADMIN) ||
> >                          !unprivileged_autoload(module_name)))

(Side note: the capable() calls would ideally come after the whitelist 

> We have some of this already with the module prefixes. Doing this
> per-module would need to be exported to userspace, I think. It'd be
> way too fragile sitting in the kernel.

What about writing a whitelist to /proc (per-task) or /sys/fs (global) ?

The per-task whitelist is inherited from the global one by default, or 
from a parent process if it's been modified in the parent.

James Morris

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.