On 2021/1/5 10:47 AM, Kang-Che Sung wrote:
On Mon, Jan 4, 2021 at 6:32 PM Qu Wenruo <w...@suse.com> wrote:

On 2021/1/4 6:01 PM, Kang-Che Sung wrote:
On Sun, Jan 3, 2021 at 12:11 PM Qu Wenruo <w...@suse.com> wrote:

finit_module() and init_module() system calls have a clear specification
to only accept a valid ELF image.

Although we try finit_module() on compressed modules to let the kernel
determine if it's an ELF image, it's not ideal, especially when
newer kernels will complain when some invalid file/memory is passed in.

Treat the kernel better by just doing a very basic ELF header check
before calling finit_module().

Signed-off-by: Qu Wenruo <w...@suse.com>

What is the reason for not letting the kernel do all the ELF sanity checks?
Performance? Security? For now this looks like extra code to busybox
without obvious benefits.

To avoid a possible "Invalid ELF header" error message from the kernel.

Since those system calls are only to accept an ELF header, the kernel has the
right to inform the caller that it got an invalid ELF header (even if
it's just a compressed file).

Or did you mean, busybox pursues size so much that it doesn't matter to
not follow system call spec?

It is normal for the kernel to receive a malformed ELF file through
init_module() and it's the kernel's job to reject it. I don't see why the
"Invalid ELF header" message would bother you so much, since you
won't load kernel modules often.

It's true until some users check the dmesg and see the error message.

I'm personally fine with that temporary error message, but not sure how other end users will feel.

Especially considering busybox is used in some distros' initramfs, like Arch, to load initial kernel modules for rootfs/lvm/...

Without the context, someone would spend tons of time debugging and finally complain.


By "security" I mean, if the kernel would accept any header other than
ELF and you want to ensure only ELF is passed to the system call,
then it's fine to add that sanity check. Otherwise, there's no benefit
for repeating what the kernel would do in busybox.


So reducing confusion is never a thing to consider in busybox?
Only reducing code size is?

Thanks,
Qu

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
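
The kind of userspace pre-check debated in this thread, as an added example; it is not the patch under discussion and not busybox code. All names are hypothetical, the sample bytes are constructed, and the set of compression magics (gzip, xz, bzip2, zstd) is an assumption about which formats a loader might encounter.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not busybox identifiers. */
enum image_kind { IMG_ELF_REL, IMG_ELF_OTHER, IMG_COMPRESSED, IMG_UNKNOWN };

/* Constructed sample inputs (leading bytes only, not real modules). */
static const unsigned char sample_ko[18] =      /* 64-bit LSB, ET_REL */
    { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0 };
static const unsigned char sample_be_ko[18] =   /* 32-bit MSB, ET_REL */
    { 0x7f, 'E', 'L', 'F', 1, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
static const unsigned char sample_exec[18] =    /* 64-bit LSB, ET_EXEC */
    { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0 };
static const unsigned char sample_gz[4] = { 0x1f, 0x8b, 0x08, 0x00 };

/* Classify an image by its leading bytes, before any module syscall. */
enum image_kind classify_image(const unsigned char *buf, size_t len)
{
    /* Compression magics (gzip, xz, bzip2, zstd): decompress first. */
    if ((len >= 2 && buf[0] == 0x1f && buf[1] == 0x8b) ||
        (len >= 6 && memcmp(buf, "\xfd" "7zXZ\0", 6) == 0) ||
        (len >= 3 && memcmp(buf, "BZh", 3) == 0) ||
        (len >= 4 && memcmp(buf, "\x28\xb5\x2f\xfd", 4) == 0))
        return IMG_COMPRESSED;

    /* e_ident is 16 bytes; the 16-bit e_type follows at offset 16. */
    if (len < 18 || memcmp(buf, "\x7f" "ELF", 4) != 0)
        return IMG_UNKNOWN;
    unsigned char ei_class = buf[4], ei_data = buf[5], ei_version = buf[6];
    if ((ei_class != 1 && ei_class != 2) ||  /* ELFCLASS32 / ELFCLASS64 */
        (ei_data != 1 && ei_data != 2) ||    /* ELFDATA2LSB / ELFDATA2MSB */
        ei_version != 1)                     /* EV_CURRENT */
        return IMG_UNKNOWN;

    /* Decode e_type in the file's byte order, not the host's. */
    unsigned e_type = (ei_data == 1) ? (buf[16] | (buf[17] << 8))
                                     : ((buf[16] << 8) | buf[17]);
    return e_type == 1 ? IMG_ELF_REL : IMG_ELF_OTHER;  /* ET_REL == 1 */
}

int main(void)
{
    printf("ko=%d be_ko=%d exec=%d gz=%d\n",
           (int)classify_image(sample_ko, sizeof sample_ko),
           (int)classify_image(sample_be_ko, sizeof sample_be_ko),
           (int)classify_image(sample_exec, sizeof sample_exec),
           (int)classify_image(sample_gz, sizeof sample_gz));
    return 0;
}
```

Only an `IMG_ELF_REL` result would be handed to finit_module() or init_module() directly; the kernel still performs its own full validation, so this check only avoids sending it input that is plainly not a module image.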
