Re: Potential future capabilities hole!!

H. Peter Anvin (hpa@transmeta.com)
8 Jun 1999 07:39:33 GMT


Followup to: <199906080638.OAA14079@typhaon.ucs.uwa.edu.au>
By author: David Luyer <luyer@ucs.uwa.edu.au>
In newsgroup: linux.dev.kernel
>
> > Hi,
> >
> > I just noticed that the kernel executes "modprobe" with _all_ capabilities
> > raised.
>
> You're seriously considering enabling module autoloading a secure system?
> (I don't enable modules, let alone autoloading!)
>

One should be able to do that. Of course, modprobe & co will then
have to reside in the trusted core, since they're effectively running
with kernel permissions (from a trust perspective, not a bug
perspective.)

Since modprobe needs to be able to install kernel code, there aren't
any permissions it *doesn't* have anyway...

-hpa

-- 
"The user's computer downloads the ActiveX code and simulates a 'Blue
Screen' crash, a generally benign event most users are familiar with
and that would not necessarily arouse suspicions."
-- Security exploit description on http://www.zks.net/p3/how.asp

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/