From: Linus Torvalds
Date: Mon, 27 Nov 2017 11:12:59 -0800
Subject: Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure
To: Djalal Harouni
Cc: Kees Cook, Andy Lutomirski, Andrew Morton, "Luis R. Rodriguez", James Morris, Ben Hutchings, Solar Designer, Serge Hallyn, Jessica Yu, Rusty Russell, Linux Kernel Mailing List, LSM List, "kernel-hardening@lists.openwall.com", Jonathan Corbet, Ingo Molnar, "David S. Miller", Network Development, Peter Zijlstra
References: <1511803118-2552-1-git-send-email-tixxdz@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Nov 27, 2017 at 11:02 AM, Linus Torvalds wrote:
>
> Now, the above will not necessarily work with a legacy /dev/ directory
> where all the nodes have been pre-populated, and opening the device
> node is supposed to load the module. So _historically_ we did indeed
> load modules as normal users. But does that really happen any more?

Sadly, it looks like bluetoothd actually does expect to load the
bt-proto-XYZ modules with no capabilities at all.

So apparently we really do depend on not needing capabilities for
module loading. Oh well.
Linus