6a91557
From: Matthew Garrett <matthew.garrett@nebula.com>
6a91557
Date: Fri, 9 Mar 2012 08:39:37 -0500
6a91557
Subject: [PATCH] ACPI: Limit access to custom_method
6a91557
6a91557
custom_method effectively allows arbitrary access to system memory, making
6a91557
it possible for an attacker to circumvent restrictions on module loading.
6a91557
Disable it if any such restrictions have been enabled.
6a91557
6a91557
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
6a91557
---
6a91557
 drivers/acpi/custom_method.c | 3 +++
6a91557
 1 file changed, 3 insertions(+)
6a91557
6a91557
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
6a91557
index c68e72414a67..4277938af700 100644
6a91557
--- a/drivers/acpi/custom_method.c
6a91557
+++ b/drivers/acpi/custom_method.c
6a91557
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
6a91557
 	struct acpi_table_header table;
6a91557
 	acpi_status status;
6a91557
 
6a91557
+	if (secure_modules())
6a91557
+		return -EPERM;
6a91557
+
6a91557
 	if (!(*ppos)) {
6a91557
 		/* parse the table header to get the table length */
6a91557
 		if (count <= sizeof(struct acpi_table_header))
6a91557
-- 
1e63a38
2.1.0
6a91557