Andy Shevchenko <andy.shevchenko@xxxxxxxxx> wrote: > > From: Matthew Garrett <matthew.garrett@xxxxxxxxxx> > > > > We have no way of validating what all of the Asus WMI methods do on a given > > machine - and there's a risk that some will allow hardware state to be > > manipulated in such a way that arbitrary code can be executed in the > > kernel, circumventing module loading restrictions. Prevent that if the > > kernel is locked down. > > > + if (kernel_is_locked_down()) > > + return -EPERM; > > It looks a bit fragile when responsility of whatever reasons kernel > can't serve become a driver burden. > Can we fix this in debugfs framework instead? Fix it with debugfs how? We can't offload the decision to userspace. David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
