On Friday, March 04, 2011, Vasiliy Kulikov wrote:
> If /proc/sys/kernel/modules_disabled is set to 1, then nobody (even full
> root) may not read/write arbitrary kernel memory. In spite of it,
> hibernation allows anyone with an access to either /dev/snapshot or
> /sys/power/ make the full snapshot of the system. This snapshot may be
> freely changed and uploaded back.
>
> Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx>
That "everyone" is actually the "full root" (in the case of /sys/power/state)
or someone having CAP_SYS_ADMIN in the /dev/snapshot case, right?
So the changelog is misleading and please fix it.
Second, there's _zero_ relationship between /proc/sys/kernel/modules_disabled
and the hibernation interface, so please find a different way to solve the
problem (if there is any).
Thanks,
Rafael
> ---
> kernel/power/hibernate.c | 6 ++++++
> 1 files changed, 6 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
> index 1832bd2..1ac9eee 100644
> --- a/kernel/power/hibernate.c
> +++ b/kernel/power/hibernate.c
> @@ -328,6 +328,9 @@ int hibernation_snapshot(int platform_mode)
> {
> int error;
>
> + if (modules_disabled)
> + return -EPERM;
> +
> error = platform_begin(platform_mode);
> if (error)
> goto Close;
> @@ -385,6 +388,9 @@ static int resume_target_kernel(bool platform_mode)
> {
> int error;
>
> + if (modules_disabled)
> + return -EPERM;
> +
> error = dpm_suspend_noirq(PMSG_QUIESCE);
> if (error) {
> printk(KERN_ERR "PM: Some devices failed to power down, "
>
_______________________________________________
linux-pm mailing list
linux-pm@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/linux-pm
