security: introducing security_request_module
Calling request_module() will trigger a userspace upcall which will load a new module into the kernel. This can be a dangerous event if the process able to trigger request_module() is able to control either the modprobe binary or the module binary. This patch adds a new security hook to request_module() which can be used by an LSM to control a processes ability to call request_module(). Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Eric Paris
James Morris
@@ -396,6 +396,11 @@ static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int cap_kernel_module_request(void)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
|
||||
{
|
||||
return 0;
|
||||
@@ -945,6 +950,7 @@ void security_fixup_ops(struct security_operations *ops)
|
||||
set_to_cap_if_null(ops, cred_commit);
|
||||
set_to_cap_if_null(ops, kernel_act_as);
|
||||
set_to_cap_if_null(ops, kernel_create_files_as);
|
||||
set_to_cap_if_null(ops, kernel_module_request);
|
||||
set_to_cap_if_null(ops, task_setuid);
|
||||
set_to_cap_if_null(ops, task_fix_setuid);
|
||||
set_to_cap_if_null(ops, task_setgid);
|
||||
|
||||
Reference in New Issue
Block a user