Re: [PATCH] Blacklist binary-only modules lying about their license

From: Carl-Daniel Hailfinger
Date: Tue Apr 27 2004 - 05:38:29 EST

Next message: Christoph Pohl: "Low bogomips on IBM x445 (kernel 2.6.5)"
Previous message: Pavel Machek: "Re: Bug#234976: kernel-source-2.6.4: Software Suspend doesn't work"
In reply to: Jan-Benedict Glaw: "Re: [PATCH] Blacklist binary-only modules lying about their license"
Next in thread: Paulo Marques: "Re: [PATCH] Blacklist binary-only modules lying about their license"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jan-Benedict Glaw wrote:
> On Tue, 2004-04-27 16:04:06 +1000, Rusty Russell <rusty@xxxxxxxxxxxxxxx>
> wrote in message <1083045844.2150.105.camel@bach>:
>
>>On Tue, 2004-04-27 at 14:31, Linus Torvalds wrote:
>>diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal .31262-linux-2.6.6-rc2-bk4/include/linux/module.h .31262-linux-2.6.6-rc2-bk4.updated/include/linux/module.h
>>--- .31262-linux-2.6.6-rc2-bk4/include/linux/module.h 2004-04-22 08:03:55.000000000 +1000
>>+++ .31262-linux-2.6.6-rc2-bk4.updated/include/linux/module.h 2004-04-27 15:52:19.000000000 +1000
>>@@ -61,7 +64,14 @@ void sort_main_extable(void);
>> #ifdef MODULE
>> #define ___module_cat(a,b) __mod_ ## a ## b
>> #define __module_cat(a,b) ___module_cat(a,b)
>>+/* Some sick fucks embeded NULs in MODULE_LICENSE to circumvent checks. */
>>+#define __MODULE_INFO_CHECK(info) \
>>+ static void __init __attribute_used__ \
>>+ __module_cat(__mc_,__LINE__)(void) { \
>>+ BUILD_BUG_ON(__builtin_strlen(info) + 1 != sizeof(info)); \
>>+ }
>> #define __MODULE_INFO(tag, name, info) \
>>+__MODULE_INFO_CHECK(info); \
>> static const char __module_cat(name,__LINE__)[] \
>> __attribute_used__ \
>> __attribute__((section(".modinfo"),unused)) = __stringify(tag) "=" info
>
>
> Erm, that's a pure compile-time check, which the companies can remove.
> So they can still put their fucked up license string into the module,
> customer's kernel won't detect it.
>
> So I'm full for embedding the supplied string's size into the module, or
> some compile-time generated checksum. We need something that can be
> checked at module load time, not at compile time, or do I misread the
> code?

# objdump -t forcedeth.ko |grep '\.modinfo'|sort
00000000 l d .modinfo 00000000
00000000 l O .modinfo 0000000c __mod_license1618
00000020 l O .modinfo 00000036 __mod_description1617
00000060 l O .modinfo 00000031 __mod_author1616
000000a0 l O .modinfo 00000047 __mod_max_interrupt_work1614
00000100 l O .modinfo 0000002b __mod_alias58
00000140 l O .modinfo 0000002b __mod_alias57
00000180 l O .modinfo 0000002b __mod_alias56
000001ab l O .modinfo 00000009 __module_depends
000001c0 l O .modinfo 0000002d __mod_vermagic5

Wouldn't it be possible to check the length info from the module symbol
table and compare it with the strlen for the corresponding symbol? If that
gives us a mismatch, refuse to load the module (or mark it as
proprietary). Additionally, check that nothing but NULLs is used as
padding between the strings.

This way, the module format doesn't change, but we can do additional
verification in the loader.

Regards,
Carl-Daniel
--
http://www.hailfinger.org/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Pohl: "Low bogomips on IBM x445 (kernel 2.6.5)"
Previous message: Pavel Machek: "Re: Bug#234976: kernel-source-2.6.4: Software Suspend doesn't work"
In reply to: Jan-Benedict Glaw: "Re: [PATCH] Blacklist binary-only modules lying about their license"
Next in thread: Paulo Marques: "Re: [PATCH] Blacklist binary-only modules lying about their license"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]