Evgeniy Polyakov wrote:
On Wed, Oct 25, 2006 at 11:08:43AM -0700, Stephen Hemminger ([EMAIL PROTECTED]) wrote:
If user asks for a congestion control type with setsockopt() then it
may be available as a module not included in the kernel already.
It should be autoloaded if needed. This is done already when
the default selection is changed with sysctl, but not when application
requests via sysctl.

Only reservation is: are there any bad security implications from this?

What if system is badly configured, so it is possible to load malicious
module by kernel?

The kernel module loader has a fixed path. So one would have to be able
to create a module in /lib/modules/<kernel release> in order to get the
malicious code loaded. If the intruder could put a module there, it would
be just as easy to patch an existing module and have the
hack available on reboot.
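The last reply rests on /lib/modules/<kernel release> being writable only by root. As an added example (not part of the thread), this shell function checks that assumption on a module tree; the function names, labels and return codes are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread): audit a module tree for paths
# that a non-root user could create or modify.

# report LABEL FIND-PREDICATES...
# Prints "LABEL: path" for every match under $dir (set by the caller).
report() {
    label=$1; shift
    # Symlinks are skipped: their own mode bits carry no meaning.
    find "$dir" ! -type l "$@" -print | sed "s|^|$label: |"
}

# audit_module_tree DIR [OWNER_UID]
# Returns 0 if clean, 1 if findings were printed, 2 if DIR is unusable.
audit_module_tree() {
    dir=$1
    owner=${2:-0}            # expected owner uid, root by default
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=$(
        report wrong-owner ! -user "$owner"
        report group-writable -perm -020
        report world-writable -perm -002
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Typical use on a live system:
#   audit_module_tree "/lib/modules/$(uname -r)"
```

The function inspects only the tree it is given; the parent directories (/lib and /lib/modules) need the same ownership and mode for the check to be meaningful.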