LKRG blocks modprobe due to hardcoded paths

  • Open
  • quality assurance status badge
Details
One participant
  • DonaldSanders1968
Owner
unassigned
Submitted by
DonaldSanders1968
Severity
normal
D
D
DonaldSanders1968 wrote on 30 Oct 2022 05:51
(name . bug-guix@gnu.org)(address . bug-guix@gnu.org)
uLnzIxI-2cTluSBjhSuDoKBHR-btNgyBxdbUdCLx1FD7XPHVJMPsQMQgAV5TIltd7M7mxb1qPYZaxa5nmPWwr7IZLZoWMBKrzudQcs2zuXc=@protonmail.ch
Hi Guix,

LKRG with default config on Guix system will resist executing modprobe. Its log message is like:

Oct 30 xx:xx:xx localhost vmunix: [ 2534.269558] LKRG: ALERT: BLOCK: UMH: Executing program name /gnu/store/fas8d76ws2xsdaiiyv822qy3tjx2an6x-modprobe

I found it is caused by hardcoded modprobe path in [src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c](https://github.com/lkrg-org/lkrg/blob/main/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c),which includes a whitelist for UMH validation in LKRG.

Kind regards,
Don
Attachment: file
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 58891@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 58891
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch