Comment by akerl_
14 hours ago
It’s not enabled by default. It’s an optional module that is loaded on demand. The entire setup of the kernel promotes compiling in the core set of things your users will need and offering basically everything else as a module to load on demand.
This is a pedantry for the sake of it. If it's present by default and an attacker can trivially cause it to be loaded, it's the same as "on by default".
It’s radically different than on by default.
Having a service that automatically starts and listens on the network is radically different from having a module that a local administrator can load.
If you want to block module loads, you’re one sysctl flag away.
> having a module that a local administrator can load
This is a successful local privilege escalation, so local administrator privs were not needed. In default configuration of all distros, apparently.
> If you want to block module loads, you’re one sysctl flag away.
The modules aren't really the point, it's that unnecessary features (to 99% of us?) were accessible by default without privs.
This is "a service that automatically starts". That's what automatic kernel module loading is for!
It's not any different from putting an always-running network service behind socket activation instead. The security boundary/risk is nearly identical between the two.
3 replies →
[flagged]
> This is a pedantry for the sake of it.
Par for the course for HN.
How would the attacker cause one of these modules to get loaded without already having root?
Trivially. Kernel modules autoload through various unprivileged mechanisms.