On Mon, Oct 12, 1998 at 05:44:50PM -0400, Chip Salzenberg wrote:
> I don't have a problem with how modprobe behaves; I have a problem
> with the fact that it's being spawned in the first place.
OK, I see what you mean now.
If a protocol doesn't exist and socket is called, then modprobe is
launched (provided family < NPROTO).
The code that does this, from net/socket.c:
#if defined(CONFIG_KMOD) && defined(CONFIG_NET)
        /* Attempt to load a protocol module if the find failed.
         *
         * 12/09/1996 Marcin: But! this makes REALLY only sense, if the user
         * requested real, full-featured networking support upon configuration.
         * Otherwise module support will break!
         */
        if (net_families[family]==NULL)
        {
                char module_name[30];
                sprintf(module_name,"net-pf-%d",family);
                request_module(module_name);
        }
#endif
Which is arguably incorrect; it should be something like:
- if (net_families[family]==NULL)
+ if(net_families[family]==NULL && net_expect_module(family))
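Review bot: the condition on the + line calls net_expect_module(family), but the helper sketched further down is declared as net_expect_family(int f), so the two names have to agree before this builds. The gate is also compile-time only: a family whose CONFIG_*_MODULE option is set but whose module is not installed still reaches request_module() on every failed lookup, so the syslog flooding mentioned at the end of the mail remains possible for those families. Minor style point: "if(" on the + line drops the space used by the "if (" it replaces.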
[...]
int net_expect_family(int f)
{
        int i;
        static int modules[] = {
#ifdef CONFIG_IPX_MODULE
                AF_IPX,
#endif
#ifdef CONFIG_PACKET_MODULE
                AF_PACKET,
#endif
#ifdef CONFIG_ATALK
                AF_DDP,
#endif
                [...] other protocols
                -1 }; /* end */

        /* Walk the list up to the -1 terminator. */
        for(i=0;modules[i] != -1;i++)
                if(modules[i] == f)
                        return 1;
        return 0;
}
Dave - what do you think about that solution? If it makes sense let
me know and I'll send a patch your way.
The only drawback I can see is that when adding a protocol, people will
have to update net/socket.c now, whereas before it wasn't necessary.
Something else while I remember, any user can use this as a pretty
effective DoS attack via syslog; "for(;;) socket(21,0,0);"
-cw
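
Added example, not part of the original message or the kernel source: a userspace C model of the check discussed above, counting how many times request_module() would fire with and without the proposed gate. The names sock_create_model, count_spawns and spawn_count, the FAM_* constants and the NPROTO value of 32 are assumptions made for the model.

```c
/* Userspace model only: nothing here runs in or talks to a kernel. */
#include <stdio.h>
#include <stddef.h>

#define NPROTO     32   /* assumed table size for this model */
#define FAM_IPX     4   /* Linux AF_IPX */
#define FAM_DDP     5   /* Linux AF_APPLETALK */
#define FAM_PACKET 17   /* Linux AF_PACKET */

static void *net_families[NPROTO];  /* all NULL: no protocol registered */
static int spawn_count;             /* stands in for modprobe launches */

/* Stub: the real request_module() spawns modprobe, which logs on failure. */
static void request_module(const char *name) { (void)name; spawn_count++; }

/* Families assumed to be configured as modules in this model. */
static int net_expect_module(int family)
{
    static const int modules[] = { FAM_IPX, FAM_PACKET, FAM_DDP, -1 };
    for (int i = 0; modules[i] != -1; i++)
        if (modules[i] == family)
            return 1;
    return 0;
}

/* gated == 0: behaviour quoted from net/socket.c; gated == 1: proposed check. */
static int sock_create_model(int family, int gated)
{
    char module_name[30];
    if (family < 0 || family >= NPROTO)
        return -1;
    if (net_families[family] == NULL && (!gated || net_expect_module(family))) {
        snprintf(module_name, sizeof module_name, "net-pf-%d", family);
        request_module(module_name);
    }
    return net_families[family] ? 0 : -1;
}

/* Number of module requests caused by `calls` failed socket() attempts. */
int count_spawns(int family, int calls, int gated)
{
    spawn_count = 0;
    for (int i = 0; i < calls; i++)
        sock_create_model(family, gated);
    return spawn_count;
}

int main(void)
{
    printf("family 21 ungated: %d\n", count_spawns(21, 1000, 0));
    printf("family 21 gated:   %d\n", count_spawns(21, 1000, 1));
    printf("IPX gated, module missing: %d\n", count_spawns(FAM_IPX, 1000, 1));
    return 0;
}
```

The third line shows the residual case: a family that is on the list but has no module installed still triggers one request per call.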