Date: Fri, 15 Jun 2001 23:02:50 +0300 From: Peter Pentchev <roam@orbitel.bg> To: Mike Smith <msmith@freebsd.org> Cc: arch@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: new kldpath(8): display/modify the module search path Message-ID: <20010615230249.V94445@ringworld.oblivion.bg> In-Reply-To: <200106152010.f5FKAoT01353@mass.dis.org>; from msmith@freebsd.org on Fri, Jun 15, 2001 at 01:10:50PM -0700 References: <20010615225012.T94445@ringworld.oblivion.bg> <200106152010.f5FKAoT01353@mass.dis.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 15, 2001 at 01:10:50PM -0700, Mike Smith wrote: > > > Don't check. > > > > Don't check what - don't check for a directory existence? > > This could lead to problems - theoretically at least, a startup > > script could add a not-yet-mounted directory, and then some > > user (who can see the contents of the kern.module_path sysctl) > > could mount his own directory there, and invoke a module load.. > > > > I know this is paranoid, but ldconfig already performs these > > checks, and ignores non-existent directories. It's true that > > ldconfig only makes the pass at invocation time, so it does > > not have to deal with the problem of adding a non-existent dir > > for future reference, but even so, ldconfig warns about the problem, > > which means kldpath/kldconfig should error out :) > > > > Or maybe I've misunderstood your "don't check" comment. > > If so, apologies for the wasted bandwidth :) > > IMO, ldconfig shouldn't check, and neither should kldconfig. However, my > principal encouragement here is to make kldconfig behave as much like > ldconfig as possible (where it makes sense), so yes, go ahead and check, > but don't be deluded into thinking this actually offers any real security. > > The kldload codepath should still be checking modules wrt. security. OK, after some more discussion on IRC, it seems that the "don't check" approach is best, with kldload-time checking. I'll think some more about it when I get home. Thanks to all thread participatns for the feedback, I'll be back! :) G'luck, Peter -- This sentence would be seven words long if it were six words shorter. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010615230249.V94445>