No. OpenBSD has loadable kernel modules turned off by default with a monolithic kernel build. The feature is not removed entirely. There's a big difference. It's also not what "Linux is saying". Not even remotely. You still need elevated privileges to load kernel modules unless some fool disables that barrier or equally stupidly defines a weak or non-existent root password. No OS on the planet, not even OpenBSD or MacOS, will fully protect people from their own stupidity. See my above posting.

I also don't believe for a moment OpenBSD, which is literally just another Unix system with the same built in conceptual weaknesses, will stand up to wholesale scrutiny from researchers and attackers just like Linux didn't once it started getting attention. I also don't believe that scrutiny is likely, as OpenBSD's overall performance is pretty abysmal, and most people will look at that (and a lack of some critical modern features like TRIM - and yes I know exactly why it's not in OpenBSD, and I also know the reasoning is bunk) and pass it up. Security research tends to go with the money. There's no real payout except street-cred for breaking OpenBSD. Not that people don't still do it. There's the occasional article that makes it into 2600 about finding vulnerabilities in OpenBSD (and let's not forget about the errata listing).

andresdju I believe you're overthinking it. There's no behavior change here that didn't already exist. A "buggy script" still requires privilege elevation, intentional or otherwise. If that were written naively by the administrator of the system, that's pretty much on them. It's impossible to remove all foot guns from a complex system this old. Someone somewhere is going to find one and shoot themselves in the foot. That doesn't mean we should completely remove all dangerous artifacts just because someone naively used it without understanding what they were doing. It doesn't even take a "buggy script" if this is an intentional attack, nor would it matter which directory the module originally downloaded to. It's trivial once someone has root to move it to the appropriate directories and rebuild the initramfs (which doesn't necessarily require either insmod nor modprobe if a person is willing to wait for a reboot).

Like I said, once someone gains root on Linux (or OpenBSD) then not even the various mitigations built into Linux (or OpenBSD) will slow them down for very long. That's the nature of Unix and the Unix security model that not even capabilities based security frameworks can fully ameliorate. It's built into the "soul" of Unix-like OSes. This is why root and it's "god mode" has to be protected so fiercely and why new security paradigms not based on 60 year old OSes that originally ignored security considerations (or circumvented them on purpose like NT) is needed (like CHERI - which requires new hardware designs to fully utilize because the underlying hardware is part of the problem).

Wow once again an absolute great feature and security asshats polluting everything with their hysteria, it's the reason Crapland will forever be a toy too.

modprove requires privileges to load the module. If you are root you have full control over the fucking filesystem, including placing your fucking module ANYWHERE, why the fuck does it matter?

Fantastic ability for convenience. I'm so sick of the word "security".

"sudo -s" ever heard of it? The very first command literally everyone worth any degree of engineering or security competency runs before they execute any command because Lunix permissions are a flustercuck? Would love to hear your excuse as to why root should be this special user that can modify the kernel on-demand when root is what almost all demons run under?

Lunix needs to get away from the headless-by-default scheme and rely more on good old fashioned UAC for privileged auth instead of this mythical root user that can somehow always be accessed and do literally anything to a machines firmware. Maybe even lock the ROM?

As long as the user that can use modprobe (root in this case) can also modify the filesystem, this patch is not a security issue. Period.

what part of: "sudo cp ... && sudo modprobe blah" being available without this patch you don't get?

Because not all of them look like this.


Also remember just because a user is granted sudo does not mean they are granted to run all commands. User might not be able to sudo cp because they are not granted cp as sudo.

]Maybe someone should have read how sudo works before doing their post Weasel. Because why did you presume user granted right to use modprobe is also granted the right to use cp. Home installs yes enterprise business install this can be they are only granted modprobe.

​In what world would you let someone use modprobe but not cp with root privileges?

modprobe can do anything since it inserts kernel module which can do absolutely everything it wants to, including expose cp functionality to any user, zero out your drive or whatever.

It's far more "dangerous" than cp.