I'm genuinely interested - what do you mean? It's my understanding (and please, correct me if I'm wrong) that if you're able to insmod a non-standard kernel module into a linux system, you are root already. I don't understand what this has to do with unix being multi-user, only root has the ability to insmod /tmp/haha.ko
Please note I'm not talking about the ability of the kernel to automatically load modules as required. That's only from the /lib/modules path and you need to be root have to inserted a module in there anyway.
And if you have that ability, worrying about the security of a module such as this seems, to me, totally and utterly pointless, because you could be inserting a rootkit, or a module that randomly deletes a file every time you press the letter A etc.
So could you explain what you mean please? Why be concerned about security when security is already compromised? How does it being multi-user make a difference?
Suppose your admin is a funny guy and loads this kernel module at April 1st.
I (Jonny non-root user) can no longer listen to my favorite mp3, because the kernel module changes the path all the time.
The admin loughs and has fun.
But then later I call open() with some fancy arguments and take over the whole machine (or at least crash it). This is the part where I lough.
And if you have that ability, worrying about the security of a module such as this seems, to me, totally and utterly pointless, because you could be inserting a rootkit, or a module that randomly deletes a file every time you press the letter A etc.
So could you explain what you mean please? Why be concerned about security when security is already compromised? How does it being multi-user make a difference?