Users loading modules

Ken Moffat ken at kenmoffat.uklinux.net
Sun Aug 7 05:23:00 PDT 2005


On Sat, 6 Aug 2005, Declan Moriarty wrote:

>
> Ever since I went to a 2.6 kernel here (on my LFS-5.0 installation) I
> have been having permission problems loading modules as a user. I had to
> sort something, because glibc will now not compile on a 2.4 kernel
>
> Changing the perms on /sbin/modprobe to 4755 sorted the problem, and a
> user can load away now. But 0755 was fine on the old programs
>

 Users could load modules?  On my one desktop with a 2.4 kernel
(LFS-4.1 or thereabouts, reserved for possibly building BLFS-5 to test
patches) I built a chunk of network modules, so let's try -

ken at chameleon ~$ /sbin/modprobe dummy
/lib/modules/2,4,22-pq/kernel/drivers/net/dummy.o: create_module:
Operation not permitted

 which is exactly what I expected - it works fine for root.

>
> Is the sky going to fall in, or have I committed the unforgivable sin?
> (More likely) what have I done wrong? We have changed from modutils to
> module-init-tools (0.9.15pre4), modules.conf to modprobe.conf and of
> course kernels.
>
> Is this a security hazard?
>

evil at chateau ~$ modprobe rootkit

 You are letting any user alter the running kernel.  Clearly, there are
a few more steps any malefactor would need to take, but they'll
appreciate all the help you give them.

 There seem to be some rough edges with certain modules or udev on
recent kernels.  Ideally, the kernel should know enough to load the
modules.  If it doesn't, try building them in.

Ken
-- 
 the first time as tragedy, the second time as farce
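
A check for the condition discussed in this thread (a setuid bit on /sbin/modprobe, mode 4755 rather than 0755), as an added example that is not part of the original message. The tool list (modprobe, insmod, rmmod) and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit module-loading tools for setuid/setgid bits.
# Tool names and function names are assumptions, not taken from the thread.

# Return 0 if the file carries no setuid/setgid bit, 1 if it does,
# 2 if the file does not exist.
check_module_tool() {
    tool=$1
    [ -e "$tool" ] || return 2
    if [ -u "$tool" ] || [ -g "$tool" ]; then
        return 1
    fi
    return 0
}

# Audit modprobe, insmod and rmmod under the given directory (default /sbin).
# Prints one line per tool and returns the number of flagged files.
audit_module_tools() {
    dir=${1:-/sbin}
    flagged=0
    for name in modprobe insmod rmmod; do
        path=$dir/$name
        st=0
        check_module_tool "$path" || st=$?
        case $st in
            0) echo "ok:      $path" ;;
            1) mode=$(ls -ldn "$path" | cut -d' ' -f1)
               echo "SETUID:  $path ($mode), restore with: chmod 0755 $path"
               flagged=$((flagged + 1)) ;;
            2) echo "missing: $path" ;;
        esac
    done
    return "$flagged"
}

# Report on the live system; a non-zero count is informational here.
audit_module_tools /sbin || true
```
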



