
[05/47,X] UBUNTU: SAUCE: (efi-lockdown) Restrict /dev/{mem, kmem, port} when the kernel is locked down

Message ID 20200618231258.630575-6-seth.forshee@canonical.com
State New
Series Lockdown updates

Commit Message

Seth Forshee June 18, 2020, 11:12 p.m. UTC
From: Matthew Garrett <matthew.garrett@nebula.com>

BugLink: https://bugs.launchpad.net/bugs/1884159

Allowing users to read and write to core kernel memory makes it possible
for the kernel to be subverted, avoiding module loading restrictions, and
also to steal cryptographic information.

Disallow /dev/mem and /dev/kmem from being opened when the kernel has
been locked down to prevent this.

Also disallow /dev/port from being opened to prevent raw ioport access and
thus DMA from being used to accomplish the same thing.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
(backported from commit 2eada4c7af2d4e9522a47523d2a5106d96271cd9
 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 drivers/char/mem.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Stefan Bader June 19, 2020, 8:03 a.m. UTC | #1
On 19.06.20 01:12, Seth Forshee wrote:
> From: Matthew Garrett <matthew.garrett@nebula.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1884159
> 
> Allowing users to read and write to core kernel memory makes it possible
> for the kernel to be subverted, avoiding module loading restrictions, and
> also to steal cryptographic information.
> 
> Disallow /dev/mem and /dev/kmem from being opened when the kernel has
> been locked down to prevent this.
> 
> Also disallow /dev/port from being opened to prevent raw ioport access and
> thus DMA from being used to accomplish the same thing.
> 
> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
> Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
> (backported from commit 2eada4c7af2d4e9522a47523d2a5106d96271cd9
>  git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
> ---

This one appears odd, but I checked the reference and it's the same.
Just hard to say it is doing what it claims from looking at the patch.

>  drivers/char/mem.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/char/mem.c b/drivers/char/mem.c
> index 6ebe2b86d8eb..f41ad9aa5e0a 100644
> --- a/drivers/char/mem.c
> +++ b/drivers/char/mem.c
> @@ -8,6 +8,7 @@
>   *  Shared /dev/zero mmapping support, Feb 2000, Kanoj Sarcar <kanoj@sgi.com>
>   */
>  
> +#include <linux/module.h>
>  #include <linux/mm.h>
>  #include <linux/miscdevice.h>
>  #include <linux/slab.h>
> @@ -756,6 +757,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
>  
>  static int open_port(struct inode *inode, struct file *filp)
>  {
> +	if (secure_modules())
> +		return -EPERM;
>  	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
>  }
>  
>

Patch

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 6ebe2b86d8eb..f41ad9aa5e0a 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -8,6 +8,7 @@ 
  *  Shared /dev/zero mmapping support, Feb 2000, Kanoj Sarcar <kanoj@sgi.com>
  */
 
+#include <linux/module.h>
 #include <linux/mm.h>
 #include <linux/miscdevice.h>
 #include <linux/slab.h>
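Review bot: the new `#include <linux/module.h>` exists only to pull in the declaration of `secure_modules()` used in open_port() below, and nothing in this hunk records that; a short comment next to the include, or a sentence in the commit message naming the earlier patch in this series that provides secure_modules(), would make the dependency explicit and keep the include from being dropped as unused in a later cleanup.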
@@ -756,6 +757,8 @@  static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
 
 static int open_port(struct inode *inode, struct file *filp)
 {
+	if (secure_modules())
+		return -EPERM;
 	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
 }
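Review bot: the hunk only modifies open_port(), yet the subject and commit message claim to restrict /dev/mem and /dev/kmem as well, and the diff itself does not show how those two devices reach this function, which is exactly why the reply above finds it hard to verify. Suggest the commit message state explicitly that /dev/mem and /dev/kmem share open_port() as their open handler in mem.c (if that is the case in this tree), so the claim can be checked from the patch. Two further points worth a sentence in the description: placing `if (secure_modules()) return -EPERM;` ahead of the `capable(CAP_SYS_RAWIO)` test means the capability no longer grants access once locked down, which matches the stated intent; and because the check runs only at open time, descriptors and mappings obtained before lockdown took effect are unaffected, which is a known limitation of this approach.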