lp:~sforshee/ubuntu/+source/linux/+git/eoan

Owned by Seth Forshee
Get this repository:
git clone https://git.launchpad.net/~sforshee/ubuntu/+source/linux/+git/eoan
Only Seth Forshee can upload to this repository. If you are Seth Forshee please log in for upload directions.

Branches

Name Last Modified Last Commit
lockdown-updates 2020-06-16 21:13:22 UTC 2020-06-16
UBUNTU: SAUCE: acpi: disallow loading configfs acpi tables when locked down

Author: Jason A. Donenfeld
Author Date: 2020-06-15 10:43:32 UTC

UBUNTU: SAUCE: acpi: disallow loading configfs acpi tables when locked down

Like other vectors already patched, this one here allows the root user
to load ACPI tables, which enables arbitrary physical address writes,
which in turn makes it possible to disable lockdown. This patch prevents
this by checking the lockdown status before allowing a new ACPI table to be
installed. The link in the trailer shows a PoC of how this might be
used.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: stable@vger.kernel.org
Link: https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
Link: https://lore.kernel.org/lkml/20200615104332.901519-1-Jason@zx2c4.com/
[ saf: Backport to older lockdown implementation ]
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

11 of 1 result
This repository contains Public information 
Everyone can see this information.

Subscribers