| From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
 | |
| From: Matthew Garrett <matthew.garrett@nebula.com>
 | |
| Date: Fri, 9 Mar 2012 08:39:37 -0500
 | |
| Subject: [PATCH 04/20] ACPI: Limit access to custom_method
 | |
| 
 | |
| custom_method effectively allows arbitrary access to system memory, making
 | |
| it possible for an attacker to circumvent restrictions on module loading.
 | |
| Disable it if any such restrictions have been enabled.
 | |
| 
 | |
| Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
 | |
| ---
 | |
|  drivers/acpi/custom_method.c | 3 +++
 | |
|  1 file changed, 3 insertions(+)
 | |
| 
 | |
| diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
 | |
| index c68e72414a67..4277938af700 100644
 | |
| --- a/drivers/acpi/custom_method.c
 | |
| +++ b/drivers/acpi/custom_method.c
 | |
| @@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
 | |
|  	struct acpi_table_header table;
 | |
|  	acpi_status status;
 | |
|  
 | |
| +	if (secure_modules())
 | |
| +		return -EPERM;
 | |
| +
 | |
|  	if (!(*ppos)) {
 | |
|  		/* parse the table header to get the table length */
 | |
|  		if (count <= sizeof(struct acpi_table_header))
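Review bot: The added `secure_modules()` guard at the top of cm_write carries no comment saying why an ACPI debugfs write is tied to the module-loading policy; that reasoning exists only in the commit message. I would put `/* custom_method gives the writer arbitrary access to system memory, so refuse it when module loading is restricted */` directly above the check. Placing the guard ahead of the `if (!(*ppos))` branch means it is evaluated on every chunk of a multi-write upload, not just the first, which is the right spot for it. If the restriction can be switched on while an upload is in progress, anything the first chunk allocated would presumably stay allocated after the `-EPERM` return; that is worth confirming against the rest of cm_write, whose body continues outside the hunk.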
 | |
| -- 
 | |
| 2.4.3
 | |
| 
 |