Re: [PATCH 2/2] fs: Limit sys_mount to only request filesystem modules.

From: Eric W. Biederman
Date: Tue Mar 05 2013 - 18:24:25 EST


Kay Sievers <kay@xxxxxxxx> writes:

> On Mon, Mar 4, 2013 at 8:51 AM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>>
>> Modify the request_module to prefix the file system type with "fs-"
>> and add aliases to all of the filesystems that can be built as modules
>> to match.
>>
>> A common practice is to build all of the kernel code and leave code
>> that is not commonly needed as modules, with the result that many
>> users are exposed to any bug anywhere in the kernel.
>>
>> Looking for filesystems with a fs- prefix limits the pool of possible
>> modules that can be loaded by mount to just filesystems trivially
>> making things safer with no real cost.
>
> '-' is a commonly used part of a module name, and does not mix well
> with random user provided names.

The symbols '-' and '_' occur in 2382 out of 3968 modules from an
allmodconfig build, and modprobe ignores the difference between the two.
However only three of those modules begin with fs and none of them begin
with fs-.

Furthermore if it actually becomes a concern to ensure we are talking
about an alias rather than a real module name, the solution is to
change how we call modprobe. As long as we are in the same namespace
something can go wrong.

fs- seems sufficiently unique for the purpose.

> We usually use ':' as the prefix separator for modaliases, when
> user-supplied strings are prefixed with the subsystem.

There are at least two different conventions in use. For software
subsystems like the networking stack '-' is commonly used
to separate the prefix. For hardware specific subsystems ':' is
commonly used. What I really don't want to load here are hardware
modules so using a hardware module style convention does not seem like
the right way to go.

> I think it would be nicer to change that, and I'm sure some creative
> guy calls the next filesystem of the month fs-$something :)

If it is a filesystem it simply does not matter. The goal is to
only load filesystems.

If it is not a filesystem someone has chosen a confusing naming
convention.

If it turns out I am wrong it is a two line change.

Eric
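
The effect discussed in this message, as an added userspace model (not part of the original message or of the patch): it compares what a mount request can cause to be loaded before and after the "fs-" prefix, including the shared-namespace case raised in the thread. The table contents and the names demo_nic and fs_demo are constructed and hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the names modprobe can resolve: real module
 * names plus the "fs-" aliases the patch adds to modular filesystems. */
struct entry { const char *request, *module; };
static const struct entry modprobe_db[] = {
    { "ext4",     "ext4"     },  /* module name */
    { "fs-ext4",  "ext4"     },  /* alias carried by a filesystem module */
    { "demo_nic", "demo_nic" },  /* hypothetical driver, no fs- alias */
    { "fs_demo",  "fs_demo"  },  /* hypothetical non-filesystem named fs_* */
};

/* modprobe ignores the difference between '-' and '_'. */
static int same_name(const char *a, const char *b)
{
    for (; *a && *b; a++, b++) {
        char x = (*a == '-') ? '_' : *a, y = (*b == '-') ? '_' : *b;
        if (x != y)
            return 0;
    }
    return *a == *b;
}

/* Module that "mount -t fstype" would cause to be loaded, or NULL.
 * prefixed == 0 models the old request, 1 the "fs-" prefixed request. */
const char *mount_autoload(const char *fstype, int prefixed)
{
    char request[64];
    size_t i;
    if (prefixed)
        snprintf(request, sizeof(request), "fs-%s", fstype);
    else
        snprintf(request, sizeof(request), "%s", fstype);
    for (i = 0; i < sizeof(modprobe_db) / sizeof(modprobe_db[0]); i++)
        if (same_name(request, modprobe_db[i].request))
            return modprobe_db[i].module;
    return NULL;
}

int main(void)
{
    const char *t[] = { "ext4", "demo_nic", "demo" };
    for (int i = 0; i < 3; i++)
        printf("%-8s old=%d new=%d\n", t[i],
               mount_autoload(t[i], 0) != NULL, mount_autoload(t[i], 1) != NULL);
    return 0;
}
```

The last row is the same-namespace caveat: a non-filesystem module whose own name starts with fs_ would still match a prefixed request, which is why the count of modules beginning with fs matters.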