Re: [PATCH V3 05/11] asus-wmi: Restrict debugfs interface when moduleloading is restricted

From: James Morris
Date: Tue Sep 03 2013 - 20:46:29 EST

Next message: James Morris: "Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforcesmodule loading restrictions"
Previous message: James Morris: "Re: [PATCH V3 06/11] Restrict /dev/mem and /dev/kmem when moduleloading is restricted"
In reply to: Matthew Garrett: "[PATCH V3 05/11] asus-wmi: Restrict debugfs interface when module loading is restricted"
Next in thread: Matthew Garrett: "[PATCH V3 04/11] ACPI: Limit access to custom_method"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 3 Sep 2013, Matthew Garrett wrote:

> We have no way of validating what all of the Asus WMI methods do on a
> given machine, and there's a risk that some will allow hardware state to
> be manipulated in such a way that arbitrary code can be executed in the
> kernel, circumventing module loading restrictions. Prevent that if any of
> these features are enabled.
>
> Signed-off-by: Matthew Garrett <matthew.garrett@xxxxxxxxxx>

Reviewed-by: James Morris <jmorris@xxxxxxxxx>

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Morris: "Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforcesmodule loading restrictions"
Previous message: James Morris: "Re: [PATCH V3 06/11] Restrict /dev/mem and /dev/kmem when moduleloading is restricted"
In reply to: Matthew Garrett: "[PATCH V3 05/11] asus-wmi: Restrict debugfs interface when module loading is restricted"
Next in thread: Matthew Garrett: "[PATCH V3 04/11] ACPI: Limit access to custom_method"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]