]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f4673ab) | patch
security: introduce kernel_fw_from_file hook
authorKees Cook <keescook@chromium.org>
Tue, 25 Feb 2014 18:28:04 +0000 (10:28 -0800)
committerKees Cook <keescook@chromium.org>
Fri, 25 Jul 2014 18:47:45 +0000 (11:47 -0700)
commita65a5c29cf4a9093072ea7288bdaf09a1ca6f3b2
treeee922f8fbd1dd96c0aee0fd6274d94271f55217ctree | snapshot
parentf4673ab50cd5ca23dde0e0a1ba9ca24612e63ce2commit | diff
security: introduce kernel_fw_from_file hook

In order to validate the contents of firmware being loaded, there must be
a hook to evaluate any loaded firmware that wasn't built into the kernel
itself. Without this, there is a risk that a root user could load malicious
firmware designed to mount an attack against kernel memory (e.g. via DMA).

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
include/linux/security.h diff | blob | history
security/capability.c diff | blob | history
security/security.c diff | blob | history
Linux Kernel Source Tree.