Re: [PATCH 3/7] security: introduce kernel_fw_from_file hook
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: 2014-07-18 01:48:19
Also in: lkml
On Mon, Jul 14, 2014 at 02:38:13PM -0700, Kees Cook wrote:
In order to validate the contents of firmware being loaded, there must be a hook to evaluate any loaded firmware that wasn't built into the kernel itself. Without this, there is a risk that a root user could load malicious firmware designed to mount an attack against kernel memory (e.g. via DMA).

Signed-off-by: Kees Cook <redacted>
---
 include/linux/security.h | 16 ++++++++++++++++
 security/capability.c    |  6 ++++++
 security/security.c      |  6 ++++++
 3 files changed, 28 insertions(+)

I would like an ack from a security developer/maintainer before applying this patch...

thanks,

greg k-h