Linux kernel: improve module autoloading infrastructure

TL;DR: Currently, an explicit call to load or unload kernel modules requires the CAP_SYS_MODULE capability. However, unprivileged users have always been able to load some modules through the implicit auto-load operation. Automatic module loading happens when a program requests a kernel feature provided by a module that is not loaded. To satisfy userspace, the kernel then automatically loads all the required modules; attackers have been abusing this functionality to load vulnerable modules.

Patch solution: PATCH v5 Improve Module autoloading infrastructure


I have been working on a solution, though I am not sure whether it will be merged or not. The idea was inspired by the grsecurity 'GRKERNSEC_MODHARDEN' config option. The upstream Linux implementation is more focused on run-time behavior with a three-mode switch, plus the upstream version solves Linux use cases with a per-process-tree flag that can be used in containers, sandboxes, etc. to block direct implicit auto-load operations. This implementation does not share anything with grsecurity.

The proposed solution is here: PATCH v5 Improve Module autoloading infrastructure
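Until a kernel-side switch like the one proposed exists, the implicit auto-load path described in the TL;DR can only be narrowed from userspace through modprobe configuration. The following is an added example, not code from this post or from the patch: it audits modprobe.d text and distinguishes a `blacklist` line (which only makes modprobe ignore the module's internal aliases) from an `install` override (which replaces the load itself). The function names, the sample configuration and the module names in it are constructed for illustration.

```python
# Added example: classify how modprobe.d configuration treats modules that the
# kernel may auto-load on behalf of an unprivileged process.
NO_OP = {"/bin/false", "/bin/true", "/usr/bin/false", "/usr/bin/true"}

def norm(name):
    # modprobe treats '-' and '_' in module names as equivalent
    return name.replace("-", "_")

def parse(config_text):
    """Return (install, blacklisted); install maps module -> command tokens."""
    install, blacklisted = {}, set()
    # Join lines continued with a trailing backslash before tokenising.
    for raw in config_text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if tokens[0] == "install" and len(tokens) >= 3:
            install[norm(tokens[1])] = tokens[2:]
        elif tokens[0] == "blacklist" and len(tokens) == 2:
            blacklisted.add(norm(tokens[1]))
    return install, blacklisted

def audit(config_text, modules):
    install, blacklisted = parse(config_text)
    report = {}
    for mod in map(norm, modules):
        cmd = install.get(mod)
        if cmd and cmd[0] in NO_OP:
            report[mod] = "blocked"          # load replaced by a no-op command
        elif cmd:
            report[mod] = "custom-install"   # command may still insert the module
        elif mod in blacklisted:
            report[mod] = "alias-only"       # a request by module name still loads it
        else:
            report[mod] = "autoloadable"     # nothing restricts implicit loading
    return report

# Constructed sample configuration (not taken from any real system).
SAMPLE_CONF = """\
# constructed sample
install dccp /bin/false
blacklist dccp
blacklist rds
install sctp /sbin/modprobe --ignore-install sctp \\
    && /bin/logger sctp loaded
"""

if __name__ == "__main__":
    for mod, status in audit(SAMPLE_CONF, ["dccp", "rds", "sctp", "n-hdlc"]).items():
        print(f"{mod:10} {status}")
```

Anything reported as `alias-only`, `custom-install` or `autoloadable` is still reachable through the implicit auto-load operation and deserves review.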