summaryrefslogtreecommitdiffstats
path: root/ACPI-Limit-access-to-custom_method.patch
diff options
context:
space:
mode:
Diffstat (limited to 'ACPI-Limit-access-to-custom_method.patch')
-rw-r--r--ACPI-Limit-access-to-custom_method.patch31
1 files changed, 31 insertions, 0 deletions
diff --git a/ACPI-Limit-access-to-custom_method.patch b/ACPI-Limit-access-to-custom_method.patch
new file mode 100644
index 000000000..148feeb39
--- /dev/null
+++ b/ACPI-Limit-access-to-custom_method.patch
@@ -0,0 +1,31 @@
+From 534706023a5b169f0d85c92c00c4a658346704f5 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett <matthew.garrett@nebula.com>
+Date: Fri, 9 Mar 2012 08:39:37 -0500
+Subject: [PATCH] ACPI: Limit access to custom_method
+
+custom_method effectively allows arbitrary access to system memory, making
+it possible for an attacker to circumvent restrictions on module loading.
+Disable it if any such restrictions have been enabled.
+
+Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
+---
+ drivers/acpi/custom_method.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
+index c68e72414a67..4277938af700 100644
+--- a/drivers/acpi/custom_method.c
++++ b/drivers/acpi/custom_method.c
+@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
+ struct acpi_table_header table;
+ acpi_status status;
+
++ if (secure_modules())
++ return -EPERM;
++
+ if (!(*ppos)) {
+ /* parse the table header to get the table length */
+ if (count <= sizeof(struct acpi_table_header))
+--
+1.9.3
+