
Re: kext ownership settings



On 8/25/02 4:04 PM, chuck remes <email@hidden> wrote:
> It never would have occurred to me either. I build the kext in my
> project dir and kextload it from that location (it's unnecessary to
> copy to /System/Library/Extensions). kextload complains if the
> owner:group are not set to root:wheel. If I'm building the kext as my
> regular user (cremes), it can't overwrite something owned by root EVEN
> IF it is in a directory owned by cremes.

Ah, gotcha.

> Am I missing something simple?

It strikes me as being a security issue. Kextload has to run as root.
Aside from the development situation ("I just built a kext and want to try
it out"), I can see why preventing kextload from loading an extension that
is writable by a non-root user could be a significant security hole. If it
allows it, any other code running as the kext's owner has a simple way to
load arbitrary code into the kernel.


Amanda Walker
_______________________________________________
darwin-drivers mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-drivers
Do not post admin requests to the list. They will be ignored.
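
The concern raised in the reply above can be checked before a bundle is handed to a root-run loader. The following is an added example, not part of the original thread and not kextload's own code. It assumes the policy is "every entry in the bundle is owned by uid 0 and gid 0 (root:wheel) and is not writable by group or other"; the function name and the exact rule set are assumptions for illustration.

```python
import os
import stat
import sys


def audit_bundle(bundle, want_uid=0, want_gid=0):
    """Return (path, problem) pairs for entries a non-root user could alter.

    Assumed policy (not taken from kextload): owner and group must match
    want_uid/want_gid, and no group or other write bit may be set.
    """
    problems = []
    # Include the bundle directory itself: a writable directory lets its
    # owner replace the files inside it even when those files are root-owned.
    paths = [bundle]
    for root, dirs, files in os.walk(bundle):
        paths.extend(os.path.join(root, name) for name in dirs + files)

    for path in paths:
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        if st.st_uid != want_uid:
            problems.append((path, "owner uid %d, expected %d" % (st.st_uid, want_uid)))
        if st.st_gid != want_gid:
            problems.append((path, "group gid %d, expected %d" % (st.st_gid, want_gid)))
        # Mode bits on a symlink are not meaningful, so skip them there.
        if not stat.S_ISLNK(st.st_mode) and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "writable by group or other"))
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_bundle.py /path/to/Some.kext")
    found = audit_bundle(sys.argv[1])
    for path, problem in found:
        print("%s: %s" % (path, problem))
    sys.exit(1 if found else 0)
```

A bundle built as a regular user in a project directory fails this audit on every entry, which matches the behaviour described in the quoted message.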



