dlopen-like facility for conditional loading of symbols in modules (Re: Firmware for new ti_usb_3410_5052 devices)
From: Oleg Verych
Date: Sat Mar 03 2007 - 08:23:29 EST
On Sat, Mar 03, 2007 at 08:40:26AM +0100, Oliver Neukum wrote:
> Am Samstag, 3. M?rz 2007 01:29 schrieb Greg KH:
> > On Sat, Mar 03, 2007 at 01:27:07AM +0100, Oleg Verych wrote:
> > >
> > > If you can proof that it doesn't influence kernel's control above system
> > > hardware. Ironically such stuff in the userspace can give additional
> > > intrusion way to the kernel.
> >
> > Do you know of any way to use the firmware interface to the kernel for
> > intrusion? If so, please let us know and we will fix it.
>
> If you can determine firmware for a block device whose filesystem is
> then mounted with suid allowed or whose files root runs, you've rooted
> the box.
> Firmware needs the same level of protection as kernel modules on disk. This
> is a basic feature of the system and can't be avoided. If you are paranoid
> enough to compile your kernel without module loading, you also have
> to disable firmware loading for block (and net due to nfs/cifs) devices.
Maybe modules' dlopen() like facility would be better to handle static
firmware or any other on-demand static data like ID tables etc.?
I.e. some additional flag for an exported symbol (in a module), that
this symbol maybe dynamically requested and used. As far as i can see,
depmod generates static map, unresolved symbols must be in the kernel
(System.map).
It will solve problem of having multiple unneeded firmware images if
driver handles many devices and firmware is allowed to be in the
kernel. No need in additional secure infrastructure.
p.s. LKML, mit-devel added. Maybe this can be done easily and somebody
knows that.
____
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/