| View previous topic :: View next topic |
| Author |
Message |
michaels70
n00b
Joined: 30 Jul 2013
Posts: 5
|
 Posted: Fri Mar 07, 2014 3:13 pm Post subject: Problem with PaX and Proprietary module insertion |
 |
|
| I am having a problem with trying to insert a kernel module with the license set to Proprietary with a hardened kernel that has PaX enabled. If I set the license to GPL it works fine. If the license is set to Proprietary I get a "Invalid module format" error when I insmod it. If I disable PaX either license works fine. Is there a way to use Proprietary kernel modules with a kernel compiled with PaX support or am I missing something? |
|
| Back to top |
|
 |
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23105
|
| Posted: Sat Mar 08, 2014 1:52 am Post subject: |
|
|
This is probably caused by this fragment from the patch: | Code: | @@ -2698,8 +2736,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
static int check_modinfo(struct module *mod, struct load_info *info, int flags)
{
const char *modmagic = get_modinfo(info, "vermagic");
+ const char *license = get_modinfo(info, "license");
int err;
+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
+ if (!license || !license_is_gpl_compatible(license))
+ return -ENOEXEC;
+#endif
+
if (flags & MODULE_INIT_IGNORE_VERMAGIC)
modmagic = NULL; |
I would avoid proprietary modules on a hardened kernel. Some of the security features have been known to trigger bugs in the proprietary modules. |
|
| Back to top |
|
|
michaels70
n00b
Joined: 30 Jul 2013
Posts: 5
|
| Posted: Tue Mar 11, 2014 2:29 pm Post subject: |
|
|
That was the problem! I was able to select BTS for the return address instrumentation method instead of OR in the kernel configuratoin and that allows loading of proprietary modules, although it adds extra overhead.
Thanks! |
|
| Back to top |
|
|
|
Kernel & Hardware
