On Tue, 3 Sep 2013, Matthew Garrett wrote: > custom_method effectively allows arbitrary access to system memory, making > it possible for an attacker to circumvent restrictions on module loading. > Disable it if any such restrictions have been enabled. > > Signed-off-by: Matthew Garrett <matthew.garrett@xxxxxxxxxx> Reviewed-by: James Morris <jmorris@xxxxxxxxx> > --- > drivers/acpi/custom_method.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c > index 12b62f2..50647b3 100644 > --- a/drivers/acpi/custom_method.c > +++ b/drivers/acpi/custom_method.c > @@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, > struct acpi_table_header table; > acpi_status status; > > + if (secure_modules()) > + return -EPERM; > + > if (!(*ppos)) { > /* parse the table header to get the table length */ > if (count <= sizeof(struct acpi_table_header)) > -- > 1.8.3.1 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > -- James Morris <jmorris@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html