From: Peter Pentchev
To: Matthew Emmerton
Cc: Mike Barcroft, Mike Smith, arch@FreeBSD.ORG
Date: Mon, 31 Dec 2001 16:57:41 +0200
Subject: Re: kldload(2) family (was Re: loadable aio)
Message-ID: <20011231165741.A475@straylight.oblivion.bg>
References: <20011231043633.E45114@espresso.q9media.com>

On Mon, Dec 31, 2001 at 10:14:12AM -0500, Matthew Emmerton wrote:
[snip]
>
> Doesn't using an environment variable (KLDPATH) introduce all of the
> issues surrounding the use of LD_LIBRARY_PATH on Solaris and other
> OSes? While it's not the same issues (KLDs vs shared libraries), it still
> introduces the possibility of interesting exploits and problems,
> especially for installations that load as much as possible from KLDs.
>
> With the search path controlled by a sysctl, you have to be root to change
> it. With an environment variable, Joe User could blow it away, and then
> hammer the help desk with cries of "why can't I mount my
> floppy/cdrom" or "my sound card doesn't work" or "PPPoE doesn't work" -
> all because of a bogus KLD search path.
>
> I would think that using the root-controlled sysctl first, then using the
> user-controlled KLDPATH second would be a less error-prone setup.

Security is one of the issues. Another one, as pointed out in my e-mail
to -arch, is the fact that sometimes the kernel itself needs to load
modules. The kernel has no notion of 'environment', and even if it had,
it would be.. interesting.. to have it choose which process's environment
to use - sometimes there is simply no currently running process.

Thus, since kernel module loading is, well, a kernel issue, IMHO the path
belongs in the kernel and in the kernel only; that is, a kernel variable
exported by the kern.modules_path sysctl.

G'luck,
Peter

-- 
This sentence contains exactly threee erors.