[lug] Linux sysctl() Kernel Memory Reading Vulnerability

D. Stimits stimits at idcomm.com
Sat Feb 17 17:57:52 MST 2001 

John Karns wrote:
> 
> On Sat, 17 Feb 2001, D. Stimits said:
> 
> > John Karns wrote:
> > >
> > > Don't you also have add a record / line to /etc/modules.conf (or is it
> > > conf.modules...) in reference to the module before running depmod?
> > >
> >
> > Only needed if the module requires parameters to be passed to it. E.G.,
> > joystick modules might need base address, or ethernet cards might need a
> > parameter. I didn't see anywhere that these particular modules used
> > special parameters, but I didn't look that closely for it either...they
> > could require it, but I don't think they do in this case.
> 
> My understanding is that there are two additional reasons:
> 
> 1) To enable auto loading (maybe obsolete since the auto-loading mechanism
> was changed?)
> 
> 2) to specify module dependencies where chronological loading is necessary
> 
> ----------------------------------------------------------------------
> John Karns                                              jkarns at csd.net
> 

That can also be a good reason. Some modules depend on others loading
first, so a preload has to be done. Cleanup might be a good idea, so
post removal is also possible to specify. This is a single module
though, with no pre/post requirements. I'm not sure about when it
occurs, but some modules do seem to need intervention to tell them to
load (though they shouldn't need help), but depmod is supposed to update
and take care of much of this information (and depmod is run during
bootup at some runlevel, not sure which). I don't know what the current
state of autoloading and detection of modules is. In any case,
modules.conf is unlikely to make any difference on the actual success or
failure of loading the particular module in question. If we were loading
joy-analog.o, and the game port was on a soundblaster live, we'd
probably be interested in using modules.conf to load emu10k1.o,
emu10k1-joy.o (with parameters), joystick.o, and finally joy-analog.o.
But most of the module information that actually must be passed is
hardware related, whereas the memory security module has no particular
hardware (who knows, maybe some day ram will be outdated, and antiques
will require ram.o).

D. Stimits, stimits at idcomm.com

More information about the LUG mailing list