Re: [PATCH 3/7] security: introduce kernel_fw_from_file hook

From: Greg Kroah-Hartman
Date: Thu Jul 17 2014 - 21:48:22 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH 0/7] firmware validation"
Previous message: Masami Hiramatsu: "Re: [PATCH ftrace/core v3 1/3] [BUGFIX]kprobes/ftrace: Recover original IP if pre_handler doesn't change it"
Next in thread: Mimi Zohar: "Re: [PATCH 3/7] security: introduce kernel_fw_from_file hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jul 14, 2014 at 02:38:13PM -0700, Kees Cook wrote:
> In order to validate the contents of firmware being loaded, there must be
> a hook to evaluate any loaded firmware that wasn't built into the kernel
> itself. Without this, there is a risk that a root user could load malicious
> firmware designed to mount an attack against kernel memory (e.g. via DMA).
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
> include/linux/security.h | 16 ++++++++++++++++
> security/capability.c | 6 ++++++
> security/security.c | 6 ++++++
> 3 files changed, 28 insertions(+)

I would like an ack from a security developer/maintainer before applying
this patch...

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "Re: [PATCH 0/7] firmware validation"
Previous message: Masami Hiramatsu: "Re: [PATCH ftrace/core v3 1/3] [BUGFIX]kprobes/ftrace: Recover original IP if pre_handler doesn't change it"
Next in thread: Mimi Zohar: "Re: [PATCH 3/7] security: introduce kernel_fw_from_file hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]