Re: [Security] [PATCH] power: disable hibernation if moduleloading is disabled

From: Vasiliy Kulikov
Date: Fri Mar 04 2011 - 16:51:30 EST


On Fri, Mar 04, 2011 at 13:27 -0800, Greg KH wrote:
> On Fri, Mar 04, 2011 at 07:11:24PM +0300, Vasiliy Kulikov wrote:
> > If /proc/sys/kernel/modules_disabled is set to 1, then nobody (even full
> > root) may read/write arbitrary kernel memory. In spite of this,
> > hibernation allows anyone with access to either /dev/snapshot or
> > /sys/power/ to make a full snapshot of the system. This snapshot may be
> > freely changed and uploaded back.
>
> This sounds like a very unintentional change to the "don't load any
> modules" option, right? If so, you should really document this
> somewhere, otherwise people are going to get very confused when their
> system suspends suddenly stop working for no obvious reason.

Agreed, thank you. Is Documentation/sysctl/kernel.txt an appropriate
place?

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
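
Added example, not part of the original message or of the patch: a shell check that reports whether a host has module loading disabled while the hibernation interfaces named in the patch description are still present. The function name `hib_audit` and its optional root-directory argument (used to run the check against a constructed tree) are assumptions of this example.

```shell
#!/bin/sh
# Audit for the condition in the patch description: modules_disabled=1
# while hibernation is still reachable via /sys/power or /dev/snapshot.

# hib_audit [ROOT]
#   ROOT is a hypothetical prefix so the check can run against a test tree;
#   empty means the live system.
#   Prints: modules-enabled | not-exposed | exposed:<interfaces>
hib_audit() {
    root="${1:-}"
    md="$root/proc/sys/kernel/modules_disabled"
    state="$root/sys/power/state"
    snap="$root/dev/snapshot"

    # Module loading still allowed: the restriction hibernation would
    # sidestep is not in force, so there is nothing to report.
    if [ ! -r "$md" ] || [ "$(cat "$md")" != "1" ]; then
        echo "modules-enabled"
        return 0
    fi

    ifaces=""
    # "disk" listed in /sys/power/state means hibernation can be started
    # through sysfs.
    if [ -r "$state" ] && grep -qw disk "$state"; then
        ifaces="sysfs"
    fi
    # /dev/snapshot is the userspace snapshot device.
    if [ -e "$snap" ]; then
        ifaces="${ifaces:+$ifaces,}snapshot"
    fi

    if [ -n "$ifaces" ]; then
        echo "exposed:$ifaces"
    else
        echo "not-exposed"
    fi
}

# Run against the live system, or against the tree given as $1.
hib_audit "${1:-}"
```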