[PATCH V34 19/29] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
mjg59 at google.com
Thu Jun 27 15:30:52 UTC 2019
On Wed, Jun 26, 2019 at 6:49 PM Daniel Axtens <dja at axtens.net> wrote:
>
> Matthew Garrett <matthewgarrett at google.com> writes:
> > + if (kp->flags & KERNEL_PARAM_FL_HWPARAM &&
> > + security_locked_down(LOCKDOWN_MODULE_PARAMETERS))
> > + return false;
> > + return true;
> > }
>
> Should this test occur before tainting the kernel?
Seems reasonable.
More information about the Linux-security-module-archive
mailing list