luck/tmp_suning_uos_patched
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9b9d8dda1e
tmp_suning_uos_patched/security
History
Matthew Garrett 9b9d8dda1e lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down 
Allowing users to read and write to core kernel memory makes it possible
for the kernel to be subverted, avoiding module loading restrictions, and
also to steal cryptographic information.

Disallow /dev/mem and /dev/kmem from being opened this when the kernel has
been locked down to prevent this.

Also disallow /dev/port from being opened to prevent raw ioport access and
thus DMA from being used to accomplish the same thing.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: x86@kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
2019-08-19 21:54:15 -07:00
..
apparmor apparmor: reset pos on failure to unpack for various functions 2019-06-18 16:04:16 -07:00
integrity treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
keys treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
loadpin treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
lockdown lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down 2019-08-19 21:54:15 -07:00
safesetid treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
selinux treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
smack treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
tomoyo treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
yama treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
commoncap.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-03-19 10:46:15 -07:00
inode.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Kconfig security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
Kconfig.hardening treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
lsm_audit.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Makefile security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
min_addr.c
security.c security: Add a "locked down" LSM hook 2019-08-19 21:54:15 -07:00