On Wed, Mar 12, 2014 at 10:15:00AM +0100, Pablo Neira Ayuso wrote: > > 7/9: > > whole nft_expr_autoload() looks scary from security point of view. > > If I'm reading it correctly, the code will do request_module() based on > > userspace request to attach filter? > > Only root can invoke that code so far.
Oops, this is obviously wrong. This request_module part needs a fix indeed for the non-root part. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/