author | Alexandre Oliva <lxoliva@fsfla.org> | 2015-07-19 09:15:07 +0000 |
---|---|---|
committer | Alexandre Oliva <lxoliva@fsfla.org> | 2015-07-19 09:15:07 +0000 |
commit | 749b02bdc187c81bdf32376bb021f2a63e2519d0 (patch) | |
tree | aabba3eaec0f596828dd6c12d923fbbe736a9df7 /freed-ora/current/f23/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch | |
parent | 930f9118eb64ceb608d21919e4a3364748a8c063 (diff) | |
download | linux-libre-raptor-749b02bdc187c81bdf32376bb021f2a63e2519d0.tar.gz linux-libre-raptor-749b02bdc187c81bdf32376bb021f2a63e2519d0.zip |
Branched f23
Diffstat (limited to 'freed-ora/current/f23/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch')
-rw-r--r-- | freed-ora/current/f23/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/freed-ora/current/f23/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/freed-ora/current/f23/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
new file mode 100644
index 000000000..27e4b2370
--- /dev/null
+++ b/freed-ora/current/f23/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
@@ -0,0 +1,38 @@
+From: Matthew Garrett <matthew.garrett@nebula.com>
+Date: Fri, 9 Mar 2012 09:28:15 -0500
+Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
+ restricted
+
+Allowing users to write to address space makes it possible for the kernel
+to be subverted, avoiding module loading restrictions. Prevent this when
+any restrictions have been imposed on loading modules.
+
+Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
+---
+ drivers/char/mem.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/drivers/char/mem.c b/drivers/char/mem.c
+index 53fe675f9bd7..b52c88860532 100644
+--- a/drivers/char/mem.c
++++ b/drivers/char/mem.c
+@@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
+ if (p != *ppos)
+ return -EFBIG;
+
++ if (secure_modules())
++ return -EPERM;
++
+ if (!valid_phys_addr_range(p, count))
+ return -EFAULT;
+
+@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
+ char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
+ int err = 0;
+
++ if (secure_modules())
++ return -EPERM;
++
+ if (p < (unsigned long) high_memory) {
+ unsigned long to_write = min_t(unsigned long, count,
+ (unsigned long)high_memory - p); |
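Review bot: The two added `secure_modules()` checks gate only the write(2) handlers `write_mem` and `write_kmem`, and the embedded diffstat shows no other change to drivers/char/mem.c, so this patch alone does not show whether the mmap path of /dev/mem or the /dev/port write handler fall under the same policy; that should be confirmed against the rest of the series and the kernel configuration. Both checks return `-EPERM` with no comment and no log output, so I would add above each one `/* Direct memory writes could bypass module-loading restrictions; refuse them when secure_modules() is set. */` and consider a rate-limited log line so that refused writes are visible to operators. In `write_mem` the check sits after the `-EFBIG` offset test, so a restricted system can report two different errors for a write it will never allow; placing the policy check first would make the denial uniform. Both function bodies start and end outside the inner hunks.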