[PATCH v2 1/2] modutils: check ELF header before calling finit_module()

Kang-Che Sung explorer09 at gmail.com
Tue Jan 5 02:47:25 UTC 2021


On Mon, Jan 4, 2021 at 6:32 PM Qu Wenruo <wqu at suse.com> wrote:
>
> On 2021/1/4 6:01 PM, Kang-Che Sung wrote:
> > On Sun, Jan 3, 2021 at 12:11 PM Qu Wenruo <wqu at suse.com> wrote:
> >>
> >> finit_module() and init_module() system calls have clear specification
> >> to only accept valid ELF image.
> >>
> >> Although we try finit_module() on compressed modules to let the kernel
> >> determine if it's an ELF image, but it's not ideal, especially when
> >> newer kernel will complain when some invalid files/memory is passed in.
> >>
> >> Treat the kernel better by just doing a very basic ELF header check
> >> before calling finit_module().
> >>
> >> Signed-off-by: Qu Wenruo <wqu at suse.com>
> >
> > What is the reason for not letting the kernel do all the ELF sanity checks?
> > Performance? Security? For now this looks like extra code to busybox
> > without obvious benefits.
> >
> To avoid possible "Invalid ELF header" error message from kernel.
>
> Since those system calls are only to accept ELF header, kernel has its
> right to inform the caller that it got some invalid ELF header (even if
> it's just compressed file).
>
> Or did you mean, busybox pursues size so much that it doesn't matter to
> not follow system call spec?

It is normal for the kernel to receive a malformed ELF file through
init_module() and it's the kernel's job to reject it. I don't see why the
"Invalid ELF header" message would bother you so much, since you
won't load kernel modules often.

By "security" I mean, if the kernel would accept any header other than
ELF and you want to ensure only ELF is passed to the system call,
then it's fine to add that sanity check. Otherwise, there's no benefit
for repeating what the kernel would do in busybox.
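
Added example, not part of this thread and not the code from the busybox patch: a sketch of what a "very basic ELF header check" before finit_module() could look like, so the trade-off discussed above is concrete. The function name, result codes and sample buffers are assumptions made up for illustration, and the check goes slightly beyond the magic bytes (class, byte order, version, and e_type, since .ko files are relocatable objects).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Offsets and values from the ELF specification (hypothetical local names). */
enum { OFF_CLASS = 4, OFF_DATA = 5, OFF_VERSION = 6, OFF_ETYPE = 16 };
enum { DATA_LSB = 1, DATA_MSB = 2, TYPE_REL = 1 };

typedef enum {
    IMG_ELF_REL,   /* plausible module image, worth passing to finit_module() */
    IMG_TOO_SHORT, /* fewer bytes than e_ident + e_type */
    IMG_NOT_ELF,   /* no ELF magic, e.g. a compressed .ko.gz */
    IMG_BAD_IDENT, /* magic present but class/data/version invalid */
    IMG_NOT_REL    /* valid ELF, but not a relocatable object */
} img_kind;

img_kind classify_module_image(const unsigned char *buf, size_t len)
{
    static const unsigned char magic[4] = { 0x7f, 'E', 'L', 'F' };
    unsigned e_type;

    if (len < OFF_ETYPE + 2)
        return IMG_TOO_SHORT;
    if (memcmp(buf, magic, sizeof magic) != 0)
        return IMG_NOT_ELF;
    if ((buf[OFF_CLASS] != 1 && buf[OFF_CLASS] != 2) ||
        (buf[OFF_DATA] != DATA_LSB && buf[OFF_DATA] != DATA_MSB) ||
        buf[OFF_VERSION] != 1)
        return IMG_BAD_IDENT;
    /* e_type is a 16-bit field stored in the byte order named by EI_DATA. */
    if (buf[OFF_DATA] == DATA_LSB)
        e_type = buf[OFF_ETYPE] | ((unsigned)buf[OFF_ETYPE + 1] << 8);
    else
        e_type = ((unsigned)buf[OFF_ETYPE] << 8) | buf[OFF_ETYPE + 1];
    return e_type == TYPE_REL ? IMG_ELF_REL : IMG_NOT_REL;
}

/* Constructed sample inputs: first 18 bytes of a gzip stream and of an
 * ELF64 little-endian relocatable object. */
const unsigned char sample_gzip[18] = { 0x1f, 0x8b, 0x08 };
const unsigned char sample_elf_rel[18] = { 0x7f, 'E', 'L', 'F', 2, 1, 1,
                                           0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0 };

int main(void)
{
    printf("gzip: %d\n", classify_module_image(sample_gzip, sizeof sample_gzip));
    printf("elf:  %d\n", classify_module_image(sample_elf_rel, sizeof sample_elf_rel));
    return 0;
}
```

A caller would try decompression on IMG_NOT_ELF and only hand IMG_ELF_REL images to the system call; the kernel still performs its own validation either way.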

