From 6a91557e4cd508858eca5aba5406a9109861d4de Mon Sep 17 00:00:00 2001
From: Josh Boyer
Date: Wed, 20 Aug 2014 13:22:24 -0400
Subject: Patch file cleanup
Do a couple things here:
- Split the mega-patches into individual patches. Should help with rebasing.
- Make all patches 'git am' acceptable.
There should be no functional or actual code differences from before
---
 ...v-mem-and-dev-kmem-when-module-loading-is.patch | 42 ++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
(limited to 'Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch')
diff --git a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
new file mode 100644
index 000000000..5c8f248fd
--- /dev/null
+++ b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
@@ -0,0 +1,42 @@
+From b5eb26c8283e04ddc93419c4403442a3dae1c581 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett
+Date: Fri, 9 Mar 2012 09:28:15 -0500
+Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
+ restricted
+
+Allowing users to write to address space makes it possible for the kernel
+to be subverted, avoiding module loading restrictions. Prevent this when
+any restrictions have been imposed on loading modules.
+
+Signed-off-by: Matthew Garrett
+---
+ drivers/char/mem.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/drivers/char/mem.c b/drivers/char/mem.c
+index cdf839f9defe..c63cf93b00eb 100644
+--- a/drivers/char/mem.c
++++ b/drivers/char/mem.c
+@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
+ if (p != *ppos)
+ return -EFBIG;
+
++ if (secure_modules())
++ return -EPERM;
++
+ if (!valid_phys_addr_range(p, count))
+ return -EFAULT;
+
+@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
+ char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
+ int err = 0;
+
++ if (secure_modules())
++ return -EPERM;
++
+ if (p < (unsigned long) high_memory) {
+ unsigned long to_write = min_t(unsigned long, count,
+ (unsigned long)high_memory - p);
+--
+1.9.3
+
-- cgit
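Review bot: The embedded patch adds the secure_modules() guard only on the write() paths (write_mem in the first inner hunk, write_kmem in the second), so a writable mmap() of /dev/mem, which drivers/char/mem.c serves through mmap_mem outside this hunk, still reaches physical memory without the restriction and the stated goal of preventing user writes to address space is only partly met. The same `if (secure_modules()) return -EPERM;` belongs in mmap_mem for writable mappings (or, more robustly, at open time for O_WRONLY/O_RDWR opens so every write path is covered), and whether /dev/port writes need the same treatment is worth checking. secure_modules() is not declared anywhere in this file, so this patch presumably depends on an earlier patch in the series; a one-line note naming that prerequisite in the patch description would help anyone rebasing it. Both write_mem and write_kmem continue beyond the inner hunks, and since this commit only re-splits existing patches, the fix would go into the nested diff rather than this commit's own change.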