LKRG blocks modprobe due to hardcoded paths

Status: Open
Participants: DonaldSanders1968
Owner: unassigned
Submitted by: DonaldSanders1968
Severity: normal
DonaldSanders1968 wrote on 30 Oct 2022 05:51
(name . bug-guix@gnu.org)(address . bug-guix@gnu.org)
Hi Guix,

LKRG with the default config on a Guix system will resist executing modprobe. Its log message looks like:

Oct 30 xx:xx:xx localhost vmunix: [ 2534.269558] LKRG: ALERT: BLOCK: UMH: Executing program name /gnu/store/fas8d76ws2xsdaiiyv822qy3tjx2an6x-modprobe

I found it is caused by the hardcoded modprobe path in [src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c](https://github.com/lkrg-org/lkrg/blob/main/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c), which includes a whitelist for UMH validation in LKRG.

Kind regards,
Don
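A triage sketch for the alert quoted in the report, added here as an example (it is not part of the original report or of LKRG): it pulls blocked UMH program paths out of kernel log lines and groups Guix store paths by their hash-independent name, so the same helper is recognised across rebuilds. The pattern is based only on the single log line in the report; the function names and every sample line except the first are constructed.

```python
import re
from collections import Counter

# Alert format taken from the one log line quoted in the report (assumption:
# other LKRG message variants exist and are not covered here).
UMH_BLOCK = re.compile(
    r"LKRG: ALERT: BLOCK: UMH: Executing program name (?P<path>/\S+)")
# Store items: /gnu/store/<32-char hash>-<name>[/sub/path]
STORE_ITEM = re.compile(
    r"^/gnu/store/[0-9a-z]{32}-(?P<item>[^/]+)(?P<rest>/.*)?$")


def parse_umh_blocks(lines):
    """Return one record per UMH block alert found in the given log lines."""
    records = []
    for line in lines:
        alert = UMH_BLOCK.search(line)
        if alert is None:
            continue  # not an LKRG UMH block message
        path = alert.group("path")
        store = STORE_ITEM.match(path)
        if store:
            # Drop the hash: it changes whenever the store item is rebuilt.
            stable = store.group("item") + (store.group("rest") or "")
        else:
            stable = path
        records.append({"path": path, "in_store": store is not None,
                        "stable_name": stable})
    return records


def summarize(records):
    """Count blocked store-path helpers by hash-independent name."""
    return Counter(r["stable_name"] for r in records if r["in_store"])


# Line 1 is the alert from the report; lines 2-4 are constructed samples.
SAMPLE = [
    "Oct 30 xx:xx:xx localhost vmunix: [ 2534.269558] LKRG: ALERT: BLOCK: UMH: "
    "Executing program name /gnu/store/fas8d76ws2xsdaiiyv822qy3tjx2an6x-modprobe",
    "Oct 30 xx:xx:xx localhost vmunix: [ 2535.000000] usb 1-1: new device",
    "Oct 30 xx:xx:xx localhost vmunix: [ 2601.000000] LKRG: ALERT: BLOCK: UMH: "
    "Executing program name /gnu/store/" + "0" * 32 + "-modprobe",
    "Oct 30 xx:xx:xx localhost vmunix: [ 2602.000000] LKRG: ALERT: BLOCK: UMH: "
    "Executing program name /tmp/example-helper",
]

if __name__ == "__main__":
    for name, count in summarize(parse_umh_blocks(SAMPLE)).items():
        print(f"{count} blocked UMH call(s) to store helper: {name}")
```

Blocks on paths outside `/gnu/store` are kept in the records but left out of the summary, so they can be reviewed separately from the store-path case described in the report.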