Date: Mon, 31 Dec 2001 16:57:41 +0200 From: Peter Pentchev <roam@ringlet.net> To: Matthew Emmerton <matt@gsicomp.on.ca> Cc: Mike Barcroft <mike@FreeBSD.ORG>, Mike Smith <msmith@FreeBSD.ORG>, arch@FreeBSD.ORG Subject: Re: kldload(2) family (was Re: loadable aio) Message-ID: <20011231165741.A475@straylight.oblivion.bg> In-Reply-To: <Pine.BSF.4.21.0112311009010.36668-100000@xena.gsicomp.on.ca>; from matt@gsicomp.on.ca on Mon, Dec 31, 2001 at 10:14:12AM -0500 References: <20011231043633.E45114@espresso.q9media.com> <Pine.BSF.4.21.0112311009010.36668-100000@xena.gsicomp.on.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 31, 2001 at 10:14:12AM -0500, Matthew Emmerton wrote: [snip] > > Doesn't using an environment variable (KLDPATH) introduce all of the > issues surrounding the use of LD_LIBRARY_PATH on Solaris and other > OSes? While it's not the same issues (KLDs vs shared libraries), it still > introduces the possibility of interesting exploits and problems, > especially for installations that load as much as possible from KLDs. > > With the search path controlled by a sysctl, you have to be root to change > it. With an environment variable, Joe User could blow it away, and then > hammer the help desk with cries of "why can't I mount my > floppy/cdrom" or "my sound card doesn't work" or "PPPoE doesn't work" - > all because of a bogus KLD search path. > > I would think that using the root-controlled sysctl first, then using the > user-controlled KLDPATH second would be a less error-prone setup. Security is one of the issues. Another one, as pointed out in my e-mail to -arch, is the fact that sometimes the kernel itself needs to load modules. The kernel has no notion of 'environment', and even if it had, it would be.. interesting.. to have it choose which process's environment to use - sometimes there is simply no currently running process. Thus, since kernel module loading is, well, a kernel issue, IMHO the path belongs in the kernel and in the kernel only; that is, a kernel variable exported by the kern.modules_path sysctl. G'luck, Peter -- This sentence contains exactly threee erors. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011231165741.A475>