Date: Fri, 25 Oct 2002 13:52:13 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Bruce Evans <bde@zeta.org.au> Cc: Brooks Davis <brooks@one-eyed-alien.net>, Bakul Shah <bakul@bitblocks.com>, Dave Evans <devans@hclb.demon.co.uk>, freebsd-current@FreeBSD.ORG Subject: Re: pppd not working on latest current 2002-10-20 Message-ID: <3DB9AEFD.DE3FB604@mindspring.com> References: <20021026061742.O5279-100000@gamplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Bruce Evans wrote: > > patch should do it as well as making pppd do the right thing when > > support isn't compiled in, but a module is available. It should make > > things work with a GENERIC kernel. > > I disagree with auto-loading of modules for anything, but especially in > setuid programs like pppd. It's really tempting to say that modules should be classified by the services they can provide, and, barring them being disallowed, have the kernel automatically load them when the services they export are referenced, if they are not already loaded. Module code is trusted code, even if the people who might want to load modules into the kernel are not. Really, the security association that establishes the trust needs to trust the module code, not trust (or not trust) the user (IMO). The bset way to do this, I think, is to add a seperate section to the module image that can be used to provide this information to the kernel. A recent example in this regard was the aio routines, where if you call the system call, the default for the system call not being implemented is to signal (and, by the default behaviour, kill) the process. Only if you trapped the signal did the call return -1 with errno set to ENOSYS. Arguably, it should have loaded the AIO module, and "just worked". NB: The security issues that led to it being a module in the first place are unlikely to be addressed at all, if they are not a threat because they are in a module which is not loaded by default, which is bad. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DB9AEFD.DE3FB604>