Commit 9b9d8dda authored by Matthew Garrett's avatar Matthew Garrett Committed by James Morris
Browse files

lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down 



Allowing users to read and write to core kernel memory makes it possible
for the kernel to be subverted, avoiding module loading restrictions, and
also to steal cryptographic information.

Disallow /dev/mem and /dev/kmem from being opened this when the kernel has
been locked down to prevent this.

Also disallow /dev/port from being opened to prevent raw ioport access and
thus DMA from being used to accomplish the same thing.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarMatthew Garrett <mjg59@google.com>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Cc: x86@kernel.org
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 49fcf732

drivers/char/mem.c

+5 −2
Original line number Diff line number Diff line
@@ -29,8 +29,8 @@ 
#include <linux/export.h>

#include <linux/io.h>

#include <linux/uio.h>



#include <linux/uaccess.h>

#include <linux/security.h>



#ifdef CONFIG_IA64

# include <linux/efi.h>
@@ -786,7 +786,10 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) 


static int open_port(struct inode *inode, struct file *filp)

{

	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;

	if (!capable(CAP_SYS_RAWIO))

		return -EPERM;



	return security_locked_down(LOCKDOWN_DEV_MEM);

}



#define zero_lseek	null_lseek

include/linux/security.h

+1 −0
Original line number Diff line number Diff line
@@ -104,6 +104,7 @@ enum lsm_event { 
enum lockdown_reason {

	LOCKDOWN_NONE,

	LOCKDOWN_MODULE_SIGNATURE,

	LOCKDOWN_DEV_MEM,

	LOCKDOWN_INTEGRITY_MAX,

	LOCKDOWN_CONFIDENTIALITY_MAX,

};

security/lockdown/lockdown.c

+1 −0
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ static enum lockdown_reason kernel_locked_down; 
static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {

	[LOCKDOWN_NONE] = "none",

	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",

	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",

	[LOCKDOWN_INTEGRITY_MAX] = "integrity",

	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",

};

CRA Git | Maintained and supported by SUSTech CRA and CCSE