From: Matthew Garrett <matthew.garr...@nebula.com>
kexec permits the loading and execution of arbitrary code in ring 0, which
is something that module signing enforcement is meant to prevent. It makes
sense to disable kexec in this situation.
Signed-off-by: Matthew Garrett <matthew.garr...@nebula.com>
---
kernel/kexec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 980936a90ee6..fce28bf7d5d7 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -12,6 +12,7 @@
#include <linux/mm.h>
#include <linux/file.h>
#include <linux/kexec.h>
+#include <linux/module.h>
#include <linux/mutex.h>
#include <linux/list.h>
#include <linux/syscalls.h>
@@ -194,6 +195,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned
long, nr_segments,
return -EPERM;
/*
+ * kexec can be used to circumvent module loading restrictions, so
+ * prevent loading in that case
+ */
+ if (secure_modules())
+ return -EPERM;
+
+ /*
* Verify we have a legal set of flags
* This leaves us room for future extensions.
*/
--
2.9.3
_______________________________________________
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
