From: Matthew Garrett <[email protected]> Allowing users to write to address space makes it possible for the kernel to be subverted, avoiding module loading restrictions. Prevent this when any restrictions have been imposed on loading modules.
Signed-off-by: Matthew Garrett <[email protected]> --- drivers/char/mem.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/char/mem.c b/drivers/char/mem.c index 7f1a7ab5850d..d6a6f05fbc1c 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, if (p != *ppos) return -EFBIG; + if (secure_modules()) + return -EPERM; + if (!valid_phys_addr_range(p, count)) return -EFAULT; @@ -516,6 +519,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, if (!pfn_valid(PFN_DOWN(p))) return -EIO; + if (secure_modules()) + return -EPERM; + if (p < (unsigned long) high_memory) { unsigned long to_write = min_t(unsigned long, count, (unsigned long)high_memory - p); -- 2.9.3 _______________________________________________ kernel mailing list -- [email protected] To unsubscribe send an email to [email protected]
