Re: module loading with CAP_NET_ADMIN

From: Vasiliy Kulikov
Date: Fri Feb 25 2011 - 10:57:45 EST

Next message: Vivek Goyal: "Re: Is it a workqueue related issue in 2.6.37 (Was: Re: [libvirt]blkio cgroup [solved])"
Previous message: Grant Likely: "Re: [PATCH v4 6/7] arm/dt: Basic tegra devicetree support"
In reply to: Michael Tokarev: "Re: module loading with CAP_NET_ADMIN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Feb 25, 2011 at 18:29 +0300, Michael Tokarev wrote:
> 25.02.2011 15:30, Vasiliy Kulikov wrote:
> > On Thu, Feb 24, 2011 at 16:34 +0000, Ben Hutchings wrote:
> >> On Thu, 2011-02-24 at 18:12 +0300, Vasiliy Kulikov wrote:
> >>> My proposal is changing request_module("%s", name) to something like
> >>> request_module("netdev-%s", name) inside of dev_load() and adding
> >>> aliases to related drivers.
>
> It is not the kernel patching which we should worry about, kernel
> part is trivial.
>
> What is not trivial is to patch all the systems out there who
> autoloads network drivers based on /etc/modprobe.d/network-aliases.conf
> (some local file), ie, numerous working setups which already
> uses this mechanism since stone age. And patching these is
> not trivial at all, unfortunately.
>
> Somewhat weird setups (one can load the modules explicitly, and
> nowadays this all is handled by udev anyway), but this change
> will break some working systems.
>
> Maybe the cost (some pain for some users) isn't large enough
> but the outcome is good, and I think it _is_ good, but it needs
> some wider discussion first, imho.
>
> I can't think of a way to handle this without breaking stuff.

Currently Linux slowly moves in the direction of rootless systems. This
definitely need proper restrictions of CAP_* power. Network admin does
nothing with general modules. It _has_ to break something one day
because old assumptions about permission stuff don't conform CAP_*
things: old assumptions are very closely connected with just everything.

I'm not sure how this particular CAP_NET_ADMIN misuse should be fixed,
maybe distributions should supply script to upgrade modprobe configs.
Also note that change s/CAP_SYS_MODULE/CAP_NET_ADMIN/ was made in
2.6.32, so there is a possibility that the set of affected distributions
(that doesn't use udev stuff) is very small.

Thanks for your input,

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vivek Goyal: "Re: Is it a workqueue related issue in 2.6.37 (Was: Re: [libvirt]blkio cgroup [solved])"
Previous message: Grant Likely: "Re: [PATCH v4 6/7] arm/dt: Basic tegra devicetree support"
In reply to: Michael Tokarev: "Re: module loading with CAP_NET_ADMIN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]