Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load... | netdev

[PATCH v5 next 0/5] Improve Module autoloading infrastructure · Djalal Harouni <hidden> · 2017-11-27
[PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Djalal Harouni <hidden> · 2017-11-27
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Randy Dunlap <hidden> · 2017-11-27
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Djalal Harouni <hidden> · 2017-11-27
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Kees Cook <hidden> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Djalal Harouni <hidden> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Djalal Harouni <hidden> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Kees Cook <hidden> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Kees Cook <hidden> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2017-11-28
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Michal Kubecek <hidden> · 2017-11-29
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Alan Cox <hidden> · 2017-11-29
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · David Miller <davem@davemloft.net> · 2017-11-29
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Theodore Ts'o" <tytso@mit.edu> · 2017-11-29
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · David Miller <davem@davemloft.net> · 2017-11-29
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Theodore Ts'o" <tytso@mit.edu> · 2017-11-29
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Linus Torvalds <torvalds@linux-foundation.org> · 2017-11-29
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Kees Cook <hidden> · 2017-11-30
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Serge E. Hallyn" <serge@hallyn.com> · 2017-11-29
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Theodore Ts'o" <tytso@mit.edu> · 2017-11-30
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · "Serge E. Hallyn" <serge@hallyn.com> · 2017-11-30
Re: [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() · Djalal Harouni <hidden> · 2017-11-28
[PATCH v5 next 2/5] modules:capabilities: add cap_kernel_module_request() permission check · Djalal Harouni <hidden> · 2017-11-27
Re: [PATCH v5 next 2/5] modules:capabilities: add cap_kernel_module_request() permission check · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2017-11-30
[PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules · Djalal Harouni <hidden> · 2017-11-27
Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules · Linus Torvalds <torvalds@linux-foundation.org> · 2017-11-27
Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules · Djalal Harouni <hidden> · 2017-11-27
Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules · Linus Torvalds <torvalds@linux-foundation.org> · 2017-11-27
Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules · Kees Cook <hidden> · 2017-11-27
Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules · Linus Torvalds <torvalds@linux-foundation.org> · 2017-11-27
Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules · Kees Cook <hidden> · 2017-11-27
Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules · Linus Torvalds <torvalds@linux-foundation.org> · 2017-11-27
Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules · Kees Cook <hidden> · 2017-11-28
[PATCH v5 next 4/5] modules:capabilities: add a per-task modules auto-load mode · Djalal Harouni <hidden> · 2017-11-27
[PATCH v5 next 3/5] modules:capabilities: automatic module loading restriction · Djalal Harouni <hidden> · 2017-11-27
Re: [PATCH v5 next 3/5] modules:capabilities: automatic module loading restriction · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2017-11-30
Re: [PATCH v5 next 3/5] modules:capabilities: automatic module loading restriction · Djalal Harouni <hidden> · 2017-11-30
Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure · Linus Torvalds <torvalds@linux-foundation.org> · 2017-11-27
Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure · Linus Torvalds <torvalds@linux-foundation.org> · 2017-11-27
Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure · Linus Torvalds <torvalds@linux-foundation.org> · 2017-11-27
Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure · Djalal Harouni <hidden> · 2017-11-27
Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure · David Miller <davem@davemloft.net> · 2017-11-27
Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure · James Morris <hidden> · 2017-11-27
Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure · Kees Cook <hidden> · 2017-11-27
Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure · James Morris <hidden> · 2017-11-27

Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules

From: Linus Torvalds <torvalds@linux-foundation.org>
Date: 2017-11-27 18:44:25
Also in: linux-security-module, lkml

On Mon, Nov 27, 2017 at 9:18 AM, Djalal Harouni [off-list ref] wrote:

This uses the new request_module_cap() facility to directly propagate
CAP_NET_ADMIN capability and the 'netdev' module prefix to the
capability subsystem as it was suggested.

This is the kind of complexity that I wonder if it's worth it at all.

Nobody sane actually uses those stupid capability bits. Have you ever
actually seen it used in real life?

They were a mistake, and we should never have done them - another case
of security people who think that complexity == security, when in
reality nobody actually wants the complexity or is willing to set it
up and manage it.

                   Linus

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help