From 6a003c837a9799df9435db6e8002b5f0a4eb3e88 Mon Sep 17 00:00:00 2001
From: Steve Muckle
Date: Wed, 25 Jan 2017 17:51:40 -0800
Subject: modprobe: use finit_module when possible

The finit_module() system call, introduced in Linux 3.8, reads the module from a supplied file descriptor. This allows the kernel to do security checks based on the file's location.
---
 toys/pending/modprobe.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'toys/pending/modprobe.c')
diff --git a/toys/pending/modprobe.c b/toys/pending/modprobe.c
index 50ec60f5..c701f5bf 100644
--- a/toys/pending/modprobe.c
+++ b/toys/pending/modprobe.c
@@ -373,6 +373,19 @@ static int ins_mod(char *modules, char *flags)
 int len, res;
 int fd = xopenro(modules);
+ while (flags && strlen(toybuf) + strlen(flags) + 2 < sizeof(toybuf)) {
+ strcat(toybuf, flags);
+ strcat(toybuf, " ");
+ }
+
+#ifdef __NR_finit_module
+ res = syscall(__NR_finit_module, fd, toybuf, 0);
+ if (!res || errno != ENOSYS) {
+ xclose(fd);
+ return res;
+ }
+#endif
+
 // TODO xreadfile()
 len = fdlength(fd);
@@ -380,10 +393,6 @@ static int ins_mod(char *modules, char *flags)
 xreadall(fd, buf, len);
 xclose(fd);
- while (flags && strlen(toybuf) + strlen(flags) + 2 < sizeof(toybuf)) {
- strcat(toybuf, flags);
- strcat(toybuf, " ");
- }
 res = syscall(__NR_init_module, buf, len, toybuf);
 if (CFG_TOYBOX_FREE && buf != toybuf) free(buf);
 return res;
--
cgit v1.2.3
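Review bot: The `while` loop that now runs ahead of the `finit_module` call never changes `flags` or exits early, so as far as the visible lines show it keeps appending the same string until `toybuf` is nearly full. When `flags` does not fit at all, the module is loaded with no parameters and no diagnostic, and both syscalls now receive that string. If a single append is intended, `if (flags && strlen(toybuf) + strlen(flags) + 2 < sizeof(toybuf)) {` says so, with an error return in the else case; whether `toybuf` is empty on entry is decided outside this hunk. The fallback test `if (!res || errno != ENOSYS)` also deserves a comment such as `// Fall back only when the kernel lacks finit_module; any other failure (e.g. a policy refusal) must not be retried via init_module, which gives the kernel no file to check.` ins_mod starts before the hunk and continues after it.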