From owner-freebsd-current  Fri Jan 12  9:10: 9 2001
Delivered-To: freebsd-current@freebsd.org
Received: from mail2.iadfw.net (mail2.iadfw.net [206.66.12.234])
	by hub.freebsd.org (Postfix) with SMTP id 0349C37B404
	for <current@FreeBSD.org>; Fri, 12 Jan 2001 09:09:49 -0800 (PST)
Received: from Jason from [64.31.207.237] by mail2.iadfw.net 
	(/\##/\ Smail3.1.30.16 #30.27) with smtp for <current@FreeBSD.org> sender: <jsmethers@pdq.net>
	id <mS/14H7i3-0005e5S@mail2.iadfw.net>; Fri, 12 Jan 2001 11:09:51 -0600 (CST)
Message-ID: <000f01c07cbb$379df040$edcf1f40@pdq.net>
From: "Jason Smethers" <jsmethers@pdq.net>
To: <current@FreeBSD.org>
Subject: module privlages
Date: Fri, 12 Jan 2001 11:15:09 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Has anyone put any thought into putting restrictions on what a module
can modify when loaded into the kernel? If there is, say, ever binary
third party driver support and this is provided without source some
restrictions on what kernel data this module can link to and modify
when loaded might be a good idea.

I was thinking something along the lines of a list of symbols that a
kernel module may call, and a list of symbols that a kernel module may
modify. Allowing the update of these lists may be a little tricky to
prevent already load modules from detecting this and adding their own
symbols.

Doing this with module types might be simple. When a module is loaded
it would contain flags to the module type(s) it is uses and this
selects the list of symbols it may interact with. A module may be then
be used to update these symbols but root is warned and must OK a load
of a kernel module with the type which allows updating the symbol
lists.

With the module types it would also help prevent a module from messing
around in an area that is not expected from such a module. e.g. a
network driver messing around in the VFS.

Any thoughts?

- Jason



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message