- 04-21-2008 #1 Linux Newbie (Join Date: Feb 2007, Posts: 248)
diff of permissions(.ko files) b/w Redhat and SUSE
In SLE (SUSE Linux Enterprise), all of the .ko files (/lib/modules/kernel-version/kernel/drivers/net) have -rw-r--r-- permissions, while in RHEL all of the .ko files also have execute permission, i.e. -rwxr--r--
From SLE (10 SP 1):
# cd /lib/./.././net/e1000/
# ls -l
-rw-r--r-- 1 root root 187976 May 18 2007 e1000.ko
From RHEL (AS 4 update 5):
# cd /lib/./.././net/e1000/
# ls -l
-rwx-r--r-- 1 root root 140964 Apr 21 2007 e1000.ko
I.e., in short: under SLE the root user doesn't have execute permission on .ko (module) files, while under RHEL root does have execute permission on all of the .ko files.
Why the difference? Which one is appropriate? Or which one is unnecessary?
Regards
Needee
- 04-21-2008 #2 Linux Guru (Join Date: Nov 2007, Location: Córdoba (Spain), Posts: 1,513)
I can't think of a reason why a module would need +x. The modules are loaded by the kernel and you need to be root to do so. Remember that root can read and manipulate files, regardless of the file permissions, so, technically, even 000 (no permissions at all) would work. You can try it easily with any random module:
Code:
# cd /lib/modules/2.6.25/kernel/fs/jfs
# ls -l
total 240
-rw-r--r-- 1 root portage 237779 abr 17 20:57 jfs.ko
# chmod 000 jfs.ko
# ls -l
total 240
---------- 1 root portage 237779 abr 17 20:57 jfs.ko
# modprobe jfs
# lsmod
Module                  Size  Used by
jfs                   167664  0
nfs                   140856  1
nfsd                   99176  13
lockd                  68656  3 nfs,nfsd
sunrpc                191624  18 nfs,nfsd,lockd
exportfs                4992  1 nfsd
nvidia               8103172  36
sr_mod                 15332  0
EDIT: And now that I think of it, this can pose a slight security risk, because if people can read the modules, they could theoretically disassemble them to search for possible vulnerabilities.
I can't think why the modules aren't better protected, there must be a reason I guess... But I can't think of any.
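To see how a given system's module tree compares with the listings in this thread, here is an added example (not code from any poster): a shell function that tallies the modes of module files and flags execute bits, group/world write bits and unexpected owners. The function name, output labels and the optional owner argument are hypothetical, and it assumes GNU find.

```shell
#!/bin/sh
# audit_ko_perms DIR [OWNER_UID]   (hypothetical helper, assumes GNU find)
#   DIR        module tree to scan, e.g. /lib/modules/$(uname -r)
#   OWNER_UID  expected owner, default 0 (root); a parameter only so the
#              function can be tried on a scratch tree as a normal user
# Output: one "FLAG mode path" line per finding, then "TALLY mode count".
audit_ko_perms() {
    dir=$1
    owner=${2:-0}
    # Match plain and compressed modules (.ko, .ko.gz, .ko.xz, .ko.zst).
    set -- \( -name '*.ko' -o -name '*.ko.*' \)

    # Group- or world-writable: a non-root account could replace kernel code.
    find "$dir" -type f "$@" -perm /022 -printf 'WRITABLE %m %p\n'
    # Not owned by the expected uid.
    find "$dir" -type f "$@" ! -uid "$owner" -printf 'OWNER %m %p\n'
    # Any execute bit: unnecessary, modules are loaded by the kernel, not exec'd.
    find "$dir" -type f "$@" -perm /111 -printf 'EXEC %m %p\n'
    # Distribution of modes across the tree, most common first.
    find "$dir" -type f "$@" -printf '%m\n' | sort | uniq -c | sort -rn |
        while read -r count mode; do echo "TALLY $mode $count"; done
}

# Run against a tree only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_ko_perms "$@"
fi
```
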
- 04-22-2008 #3 Linux Newbie (Join Date: Feb 2007, Posts: 248)
> I can't think of a reason why a module would need +x.
I think you are right 100%