On Mon, Jul 14, 2014 at 02:38:13PM -0700, Kees Cook wrote: > In order to validate the contents of firmware being loaded, there must be > a hook to evaluate any loaded firmware that wasn't built into the kernel > itself. Without this, there is a risk that a root user could load malicious > firmware designed to mount an attack against kernel memory (e.g. via DMA). > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > include/linux/security.h | 16 ++++++++++++++++ > security/capability.c | 6 ++++++ > security/security.c | 6 ++++++ > 3 files changed, 28 insertions(+) I would like an ack from a security developer/maintainer before applying this patch... thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
