Re: Stacking - anyone care how to report module id's?

From: David Wheeler (dwheelerat_private)
Date: Fri Aug 23 2002 - 14:57:03 PDT


    Greg KH wrote:
    
    > On Fri, Aug 23, 2002 at 05:28:45PM -0400, David Wheeler wrote:
    >
    > 
    >> Instead, I'll make removing modules slightly harder.
    >> If you want to remove a stacked module, you'll first have to
    >> "disable" it, and then it's up to the administrator to make sure
    >> that all threads have completed calling the list before
    >> removing the disabled module (and the administrator will have
    >> to decide when it's safe to do so).  Basically, I plan to
    >> trade away safety in module removal in order to gain speed.
    > 
    > 
    > Sounds reasonable, "removing modules can be dangerous" is a good thing
    > to state :)
    
    It's more like "here be dragons". The condition
    for causing disaster is pretty hard to cause:
    * Must follow pointer BEFORE module removed
    * Must suspend before completing module call
    * Must remove module while suspended there.
    Of course, if that DOES happen, it's really, really bad.
    
    Hmm, an interesting attack: an attacker who knows
    about a stacker & that stacked modules get removed could
    try to constantly do things that would invoke the stacked
    calls, and then try to get suspended in them
    (e.g., making them VERY low priority).
    
    More than likely, if you're removing modules you're not
    a production system, so that shouldn't be a disaster.
    
    
    
    --- David A. Wheeler
         dwheelerat_private
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
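
The "disable first, remove later" step described in the message leaves it to the administrator to judge when every thread has left the module. As an added example (not code from the original post or from the LSM stacker), the userspace C model below shows the checked alternative that the post trades away for speed: an in-flight counter that makes "safe to remove" decidable, at the cost of two atomic operations per call. All names here (stacked_module, module_enter, and so on) are hypothetical, and the entry structure is assumed to outlive the module code it guards.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* Hypothetical userspace model of one stacked-module entry (not LSM code). */
struct stacked_module {
    atomic_bool enabled;    /* cleared by the "disable" step */
    atomic_int in_flight;   /* callers currently inside the module's hook */
};

/* Announce entry first, then check the flag, so a caller that raced with
 * disable is either turned away here or counted by module_can_remove(). */
static bool module_enter(struct stacked_module *m)
{
    atomic_fetch_add(&m->in_flight, 1);
    if (atomic_load(&m->enabled))
        return true;
    atomic_fetch_sub(&m->in_flight, 1);
    return false;
}

static void module_leave(struct stacked_module *m)
{
    atomic_fetch_sub(&m->in_flight, 1);
}

static void module_disable(struct stacked_module *m)
{
    atomic_store(&m->enabled, false);
}

/* Unloading is safe only once the module is disabled and fully drained. */
static bool module_can_remove(struct stacked_module *m)
{
    return !atomic_load(&m->enabled) && atomic_load(&m->in_flight) == 0;
}

/* Constructed scenario: one caller is parked inside the hook while the
 * administrator disables the module. Bit 0: removal refused while parked;
 * bit 1: a later caller is turned away; bit 2: removal allowed after drain. */
int demo_parked_caller(void)
{
    struct stacked_module m;
    int r = 0;
    atomic_init(&m.enabled, true);
    atomic_init(&m.in_flight, 0);
    bool inside = module_enter(&m);   /* caller followed the pointer */
    module_disable(&m);               /* admin disables while it is parked */
    if (inside && !module_can_remove(&m)) r |= 1;
    if (!module_enter(&m)) r |= 2;
    module_leave(&m);                 /* parked caller finally returns */
    if (module_can_remove(&m)) r |= 4;
    return r;
}
```

With this counter in place, a caller held inside the hook at low priority delays removal instead of being left executing unloaded code.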
    



    This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 15:04:30 PDT