Restrict /dev/mem and /dev/kmem when module loading is restricted

BugLink: http://bugs.launchpad.net/bugs/1566221 Allowing users to write to address space makes it possible for the kernel to be subverted, avoiding module loading restrictions. Prevent this when any restrictions have been imposed on loading modules. Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

Restrict /dev/mem and /dev/kmem when module loading is restricted
BugLink: http://bugs.launchpad.net/bugs/1566221 Allowing users to write to address space makes it possible for the kernel to be subverted, avoiding module loading restrictions. Prevent this when any restrictions have been imposed on loading modules. Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
517d6c3a · Matthew Garrett · Tim Gardner · 716e7611 · 517d6c3a
Commit 517d6c3a authored Mar 09, 2012 by Matthew Garrett Committed by Tim Gardner Apr 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

drivers/char/mem.c drivers/char/mem.c +6 -0

No files found.
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
 	if (p != *ppos)
 		return -EFBIG;

+	if (secure_modules())
+		return -EPERM;
+
 	if (!valid_phys_addr_range(p, count))
 		return -EFAULT;

@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
 	char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
 	int err = 0;

+	if (secure_modules())
+		return -EPERM;
+
 	if (p < (unsigned long) high_memory) {
 		unsigned long to_write = min_t(unsigned long, count,
 					       (unsigned long)high_memory - p);