security: introduce kernel_fw_from_file hook
author Kees Cook <keescook@chromium.org>
Tue, 25 Feb 2014 18:28:04 +0000 (10:28 -0800)
committer Kees Cook <keescook@chromium.org>
Fri, 25 Jul 2014 18:47:45 +0000 (11:47 -0700)
commit 13752fe2d7f2d41c2fd92a5d1b1c6e38c4de0c05
tree ee922f8fbd1dd96c0aee0fd6274d94271f55217c
parent 7d8b6c63751cfbbe5eef81a48c22978b3407a3ad
security: introduce kernel_fw_from_file hook

In order to validate the contents of firmware being loaded, there must be
a hook to evaluate any loaded firmware that wasn't built into the kernel
itself. Without this, there is a risk that a root user could load malicious
firmware designed to mount an attack against kernel memory (e.g. via DMA).

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
include/linux/security.h
security/capability.c
security/security.c