Find the answer to your Linux question:
Results 1 to 3 of 3
in SLE(SUSE Linux Enterprise), all of the .ko files(/lib/modules/kernel-version/kernel/drivers/net) have -rw-r--r-- permissions. while in RHEL, all of the .ko files also have execute permission. i.e -rwxr--r-- from SLE(10 SP 1): ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie
    Join Date
    Feb 2007
    Posts
    248

    Lightbulb diff of permissions(.ko files) b/w Redhat and SUSE


    in SLE(SUSE Linux Enterprise), all of the .ko files(/lib/modules/kernel-version/kernel/drivers/net)
    have -rw-r--r-- permissions. while in RHEL, all of the .ko files also have execute permission. i.e -rwxr--r--

    from SLE(10 SP 1):
    # cd /lib/./.././net/e1000/
    # ls -l
    -rw-r--r-- 1 root root 187976 May 18 2007 e1000.ko

    from RHEL(AS 4 update 5):
    # cd /lib/./.././net/e1000/
    # ls -l
    -rwx-r--r-- 1 root root 140964 Apr 21 2007 e1000.ko

    i.e in short, under SLE root user doesnt have execute permission on .ko(module)files, while under RHEL root does have execute permission on all of the .ko file.

    why is the difference ? which one is appropriate ? or which one is un-necessary ?

    Regards
    Needee

  2. #2
    Linux Guru
    Join Date
    Nov 2007
    Location
    Córdoba (Spain)
    Posts
    1,513
    Quote Originally Posted by needee View Post
    in SLE(SUSE Linux Enterprise), all of the .ko files(/lib/modules/kernel-version/kernel/drivers/net)
    have -rw-r--r-- permissions. while in RHEL, all of the .ko files also have execute permission. i.e -rwxr--r--

    from SLE(10 SP 1):
    # cd /lib/./.././net/e1000/
    # ls -l
    -rw-r--r-- 1 root root 187976 May 18 2007 e1000.ko

    from RHEL(AS 4 update 5):
    # cd /lib/./.././net/e1000/
    # ls -l
    -rwx-r--r-- 1 root root 140964 Apr 21 2007 e1000.ko

    i.e in short, under SLE root user doesnt have execute permission on .ko(module)files, while under RHEL root does have execute permission on all of the .ko file.

    why is the difference ? which one is appropriate ? or which one is un-necessary ?

    Regards
    Needee
    I can't think a reason why a module would need +x.The modules are loaded by the kernel and you need to be root to do so. Remember that root can read and manipulate files, regardless of the file permissions, so, technically, even 000 (no permissions at all) would work. You can try it easily with any random module:

    Code:
    # cd /lib/modules/2.6.25/kernel/fs/jfs
    # ls -l
    total 240
    -rw-r--r-- 1 root portage 237779 abr 17 20:57 jfs.ko
    # chmod 000 jfs.ko
    # ls -l
    total 240
    ---------- 1 root portage 237779 abr 17 20:57 jfs.ko
    # modprobe jfs
    # lsmod
    Module                  Size  Used by
    jfs                   167664  0 
    nfs                   140856  1 
    nfsd                   99176  13 
    lockd                  68656  3 nfs,nfsd
    sunrpc                191624  18 nfs,nfsd,lockd
    exportfs                4992  1 nfsd
    nvidia               8103172  36 
    sr_mod                 15332  0
    EDIT: And now that I think of it, this can pose a slight security risk, because if people can read the modules, they could theoretically dissasemble them to search for possible vulnerabilities.

    I can't think why the modules aren't better protected, there must be a reason I guess... But I can't think of any.

  3. #3
    Linux Newbie
    Join Date
    Feb 2007
    Posts
    248
    >I can't think a reason why a module would need +x.
    I think, you are right 100%

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •