Kees Cook 13752fe2d7 security: introduce kernel_fw_from_file hook ...

In order to validate the contents of firmware being loaded, there must be
a hook to evaluate any loaded firmware that wasn't built into the kernel
itself. Without this, there is a risk that a root user could load malicious
firmware designed to mount an attack against kernel memory (e.g. via DMA).

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Takashi Iwai <tiwai@suse.de>

2014-07-25 11:47:45 -07:00

..

apparmor

sched: move no_new_privs into new atomic flags

2014-07-18 12:13:38 -07:00

integrity

ima: define '.ima' as a builtin 'trusted' keyring

2014-07-17 09:35:17 -04:00

keys

Merge branch 'keys-fixes' into keys-next

2014-07-22 21:55:45 +01:00

selinux

Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next

2014-07-19 17:39:19 +10:00

smack

Merge branch 'smack-for-3.16' of git://git.gitorious.org/smack-next/kernel into next

2014-05-20 14:50:09 +10:00

tomoyo

get rid of pointless checks for NULL ->i_op

2014-04-01 23:19:16 -04:00

yama

yama: Better permission check for ptraceme

2013-03-26 13:17:58 -07:00

capability.c

security: introduce kernel_fw_from_file hook

2014-07-25 11:47:45 -07:00

commoncap.c

CAPABILITIES: remove undefined caps from all processes

2014-07-24 21:53:47 +10:00

device_cgroup.c

device_cgroup: use css_has_online_children() instead of has_children()

2014-05-16 13:22:52 -04:00

inode.c

securityfs: fix object creation races

2012-01-10 10:20:35 -05:00

Kconfig

security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64

2014-02-05 14:59:14 +00:00

lsm_audit.c

audit: anchor all pid references in the initial pid namespace

2014-03-20 10:11:55 -04:00

Makefile

security: cleanup Makefiles to use standard syntax for specifying sub-directories

2014-02-17 11:08:04 +11:00

min_addr.c

mmap_min_addr check CAP_SYS_RAWIO only for write

2010-04-23 08:56:31 +10:00

security.c

security: introduce kernel_fw_from_file hook

2014-07-25 11:47:45 -07:00