projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d3dd9d8) | patch
Restrict /dev/mem and /dev/kmem when the kernel is locked down
authorMatthew Garrett <matthew.garrett@nebula.com>
Wed, 5 Apr 2017 16:40:30 +0000 (17:40 +0100)
committerBen Hutchings <ben@decadent.org.uk>
Mon, 19 Jun 2017 23:25:45 +0000 (00:25 +0100)
commit6ccd19dfe61cfc57009fd5357ffb0e42a4ffedd1
tree3b09a84ff64171b063e643eefe92fa5e81f08b1atree | snapshot
parentd3dd9d843c45e0dcb0c74f78769999ec189fb07bcommit | diff
Restrict /dev/mem and /dev/kmem when the kernel is locked down

Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions.  Prevent this when the
kernel has been locked down.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
drivers/char/mem.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.