Should PCI "new_id" support be disabled when kernel is locked down?

Ian Abbott abbotti at mev.co.uk
Wed Sep 4 15:59:47 UTC 2019


Hello,

The "new_id" PCI driver sysfs attribute can be used to make an arbitrary 
PCI driver match an arbitrary PCI vendor/device ID.  That could easily 
crash the kernel or at least make it do weird things if used 
inappropriately.  Is this scenario in scope for the "lockdown" security 
module?

-- 
-=( Ian Abbott <abbotti at mev.co.uk> || Web: www.mev.co.uk )=-
-=( MEV Ltd. is a company registered in England & Wales. )=-
-=( Registered number: 02862268.  Registered address:    )=-
-=( 15 West Park Road, Bramhall, STOCKPORT, SK7 3JZ, UK. )=-
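
An added example, not part of the original message: a read-only audit that reports the active lockdown mode alongside the PCI drivers that expose an owner-writable "new_id" attribute. The securityfs path /sys/kernel/security/lockdown (kernels with the lockdown LSM, securityfs mounted) and the optional sysfs-root argument (for running against a constructed tree) are assumptions.

```shell
#!/bin/sh
# Added example: inventory lockdown state and writable PCI new_id attributes.
# Only reads sysfs; nothing is written to any attribute.

# Print the active lockdown mode. The kernel marks it with brackets,
# e.g. "none [integrity] confidentiality". Prints "unavailable" when the
# file is missing (no lockdown LSM, or securityfs not mounted).
lockdown_mode() {
    f="${1:-/sys}/kernel/security/lockdown"
    [ -r "$f" ] || { echo unavailable; return 0; }
    m=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f")
    echo "${m:-unknown}"
}

# Print the name of every PCI driver whose new_id attribute has the
# owner-write bit set. Mode bits are inspected instead of `test -w`,
# which is always true for root.
writable_new_id_drivers() {
    root="${1:-/sys}"
    for attr in "$root"/bus/pci/drivers/*/new_id; do
        [ -e "$attr" ] || continue        # glob matched nothing
        case "$(ls -ld "$attr")" in
            ??w*) basename "$(dirname "$attr")" ;;
        esac
    done
}

# One-line summary suitable for a compliance check or log line.
audit_new_id() {
    root="${1:-/sys}"
    mode=$(lockdown_mode "$root")
    count=$(( $(writable_new_id_drivers "$root" | wc -l) ))
    echo "lockdown=$mode writable_new_id=$count"
}

audit_new_id "${SYSFS_ROOT:-/sys}"
```

A non-zero writable_new_id count while lockdown reports "integrity" or "confidentiality" is the situation the message asks about.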


