projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0bdcec5) | patch
Restrict /dev/mem and /dev/kmem when the kernel is locked down
authorMatthew Garrett <matthew.garrett@nebula.com>
Wed, 5 Apr 2017 16:40:30 +0000 (17:40 +0100)
committerBen Hutchings <ben@decadent.org.uk>
Mon, 17 Jul 2017 02:01:21 +0000 (03:01 +0100)
commit0cfdbe6c64cb550a67b161d7c7895e163d2db0c2
tree81c5591f7cd98d9cf3ad190b5c20258127289f4ftree | snapshot
parent0bdcec59be2294306420dc69727acabf644e9808commit | diff
Restrict /dev/mem and /dev/kmem when the kernel is locked down

Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions.  Prevent this when the
kernel has been locked down.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
drivers/char/mem.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.