Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 15 Jun 2001 13:10:50 -0700
From:      Mike Smith <msmith@freebsd.org>
To:        Peter Pentchev <roam@orbitel.bg>
Cc:        arch@FreeBSD.ORG, audit@FreeBSD.ORG
Subject:   Re: new kldpath(8): display/modify the module search path 
Message-ID:  <200106152010.f5FKAoT01353@mass.dis.org>
In-Reply-To: Your message of "Fri, 15 Jun 2001 22:50:12 %2B0300." <20010615225012.T94445@ringworld.oblivion.bg> 

next in thread | previous in thread | raw e-mail | index | archive | help
> > Don't check.
> 
> Don't check what - don't check for a directory existence?
> This could lead to problems - theoretically at least, a startup
> script could add a not-yet-mounted directory, and then some
> user (who can see the contents of the kern.module_path sysctl)
> could mount his own directory there, and invoke a module load..
> 
> I know this is paranoid, but ldconfig already performs these
> checks, and ignores non-existent directories.  It's true that
> ldconfig only makes the pass at invocation time, so it does
> not have to deal with the problem of adding a non-existent dir
> for future reference, but even so, ldconfig warns about the problem,
> which means kldpath/kldconfig should error out :)
> 
> Or maybe I've misunderstood your "don't check" comment.
> If so, apologies for the wasted bandwidth :)

IMO, ldconfig shouldn't check, and neither should kldconfig.  However, my 
principal encouragement here is to make kldconfig behave as much like 
ldconfig as possible (where it makes sense), so yes, go ahead and check, 
but don't be deluded into thinking this actually offers any real security.

The kldload codepath should still be checking modules wrt. security.

-- 
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also.  But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view.  [Dr. Fritz Todt]
           V I C T O R Y   N O T   V E N G E A N C E



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106152010.f5FKAoT01353>