[PATCH] security issue in firmware system
The firmware loader has a security issue. Firmware on some devices can write to all memory through DMA. Therefore the ability to feed firmware to the kernel is equivalent to writing to /dev/kmem. CAP_SYS_RAWIO is needed to protect itself. [ Editors note: the firmware file is 0644, and owned by root, so this "security issue" is really only an issue for people who use capabilities explicitly, rather than the regular Unix permissions. This patch makes it do the same checks we do for /dev/mem etc. ] Signed-Off-By: Oliver Neukum <oliver@neukum.name> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Showing
Please register or sign in to comment