[PATCH 0/1] Disable DEVKMEM for all archs

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH 0/1] Disable DEVKMEM for all archs

Amit Kucheria-6
This patch applies to Intrepid and Jaunty. It disables CONFIG_DEVKMEM for all
archs as this is a regression from Hardy and a security risk

Amit Kucheria (1):
  UBUNTU: Disable DEVKMEM for all archs on Jaunty

 debian/config/amd64/config |    2 +-
 debian/config/armel/config |    2 +-
 debian/config/i386/config  |    2 +-
 debian/config/lpia/config  |    2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[PATCH 1/1] UBUNTU: Disable DEVKMEM for all archs on Jaunty

Amit Kucheria-6
Bug: #354221

Enabling /dev/kmem is a security risk. Disable it for all kernel flavours.

Signed-off-by: Amit Kucheria <[hidden email]>
---
 debian/config/amd64/config |    2 +-
 debian/config/armel/config |    2 +-
 debian/config/i386/config  |    2 +-
 debian/config/lpia/config  |    2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian/config/amd64/config b/debian/config/amd64/config
index 809a65a..600f7d0 100644
--- a/debian/config/amd64/config
+++ b/debian/config/amd64/config
@@ -586,7 +586,7 @@ CONFIG_DEFXX=m
 # CONFIG_DEFXX_MMIO is not set
 CONFIG_DELL_RBU=m
 CONFIG_DETECT_SOFTLOCKUP=y
-CONFIG_DEVKMEM=y
+# CONFIG_DEVKMEM is not set
 CONFIG_DEVPORT=y
 CONFIG_DEV_APPLETALK=m
 CONFIG_DE_AOC=y
diff --git a/debian/config/armel/config b/debian/config/armel/config
index 47bd110..de3a8d5 100644
--- a/debian/config/armel/config
+++ b/debian/config/armel/config
@@ -102,7 +102,7 @@ CONFIG_CRYPTO_HW=y
 # CONFIG_DEFAULT_NOOP is not set
 CONFIG_DEFAULT_TCP_CONG="cubic"
 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
-CONFIG_DEVKMEM=y
+# CONFIG_DEVKMEM is not set
 # CONFIG_DISCONTIGMEM_MANUAL is not set
 # CONFIG_DISPLAY_SUPPORT is not set
 # CONFIG_DM9000 is not set
diff --git a/debian/config/i386/config b/debian/config/i386/config
index 5bf3ca3..36b6132 100644
--- a/debian/config/i386/config
+++ b/debian/config/i386/config
@@ -617,7 +617,7 @@ CONFIG_DEFXX=m
 CONFIG_DELL_RBU=m
 CONFIG_DEPCA=m
 CONFIG_DETECT_SOFTLOCKUP=y
-CONFIG_DEVKMEM=y
+# CONFIG_DEVKMEM is not set
 CONFIG_DEVPORT=y
 CONFIG_DEV_APPLETALK=m
 CONFIG_DE_AOC=y
diff --git a/debian/config/lpia/config b/debian/config/lpia/config
index dec47a5..35137bb 100644
--- a/debian/config/lpia/config
+++ b/debian/config/lpia/config
@@ -555,7 +555,7 @@ CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
 CONFIG_DELL_RBU=m
 CONFIG_DEPCA=m
 CONFIG_DETECT_SOFTLOCKUP=y
-CONFIG_DEVKMEM=y
+# CONFIG_DEVKMEM is not set
 CONFIG_DEVPORT=y
 CONFIG_DIGIEPCA=m
 # CONFIG_DISCONTIGMEM_MANUAL is not set
--
1.5.6.3


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[PATCH 1/1] UBUNTU: Disable DEVKMEM for all archs on Intrepid

Amit Kucheria-6
In reply to this post by Amit Kucheria-6
Enabling /dev/kmem is a security risk. Disable it for all kernel flavours.

Signed-off-by: Amit Kucheria <[hidden email]>
---
 debian/config/amd64/config |    2 +-
 debian/config/i386/config  |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/config/amd64/config b/debian/config/amd64/config
index ff25c42..19641ab 100644
--- a/debian/config/amd64/config
+++ b/debian/config/amd64/config
@@ -566,7 +566,7 @@ CONFIG_DEFXX=m
 # CONFIG_DEFXX_MMIO is not set
 CONFIG_DELL_RBU=m
 CONFIG_DETECT_SOFTLOCKUP=y
-CONFIG_DEVKMEM=y
+# CONFIG_DEVKMEM is not set
 CONFIG_DEVPORT=y
 CONFIG_DEV_APPLETALK=m
 CONFIG_DE_AOC=y
diff --git a/debian/config/i386/config b/debian/config/i386/config
index 2e3116c..29f7ac4 100644
--- a/debian/config/i386/config
+++ b/debian/config/i386/config
@@ -594,7 +594,7 @@ CONFIG_DEFXX=m
 CONFIG_DELL_RBU=m
 CONFIG_DEPCA=m
 CONFIG_DETECT_SOFTLOCKUP=y
-CONFIG_DEVKMEM=y
+# CONFIG_DEVKMEM is not set
 CONFIG_DEVPORT=y
 CONFIG_DEV_APPLETALK=m
 CONFIG_DE_AOC=y
--
1.5.6.3


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 0/1] Disable DEVKMEM for all archs

Stefan Bader-2
In reply to this post by Amit Kucheria-6
Amit Kucheria wrote:

> This patch applies to Intrepid and Jaunty. It disables CONFIG_DEVKMEM for all
> archs as this is a regression from Hardy and a security risk
>
> Amit Kucheria (1):
>   UBUNTU: Disable DEVKMEM for all archs on Jaunty
>
>  debian/config/amd64/config |    2 +-
>  debian/config/armel/config |    2 +-
>  debian/config/i386/config  |    2 +-
>  debian/config/lpia/config  |    2 +-
>  4 files changed, 4 insertions(+), 4 deletions(-)
>
>
ACK

--

When all other means of communication fail, try words!



--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 1/1] UBUNTU: Disable DEVKMEM for all archs on Jaunty

Tim Gardner-2
In reply to this post by Amit Kucheria-6
Amit Kucheria wrote:

> Bug: #354221
>
> Enabling /dev/kmem is a security risk. Disable it for all kernel flavours.
>
> Signed-off-by: Amit Kucheria <[hidden email]>
> ---
>  debian/config/amd64/config |    2 +-
>  debian/config/armel/config |    2 +-
>  debian/config/i386/config  |    2 +-
>  debian/config/lpia/config  |    2 +-
>  4 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/debian/config/amd64/config b/debian/config/amd64/config
> index 809a65a..600f7d0 100644
> --- a/debian/config/amd64/config
> +++ b/debian/config/amd64/config
> @@ -586,7 +586,7 @@ CONFIG_DEFXX=m
>  # CONFIG_DEFXX_MMIO is not set
>  CONFIG_DELL_RBU=m
>  CONFIG_DETECT_SOFTLOCKUP=y
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  CONFIG_DEVPORT=y
>  CONFIG_DEV_APPLETALK=m
>  CONFIG_DE_AOC=y
> diff --git a/debian/config/armel/config b/debian/config/armel/config
> index 47bd110..de3a8d5 100644
> --- a/debian/config/armel/config
> +++ b/debian/config/armel/config
> @@ -102,7 +102,7 @@ CONFIG_CRYPTO_HW=y
>  # CONFIG_DEFAULT_NOOP is not set
>  CONFIG_DEFAULT_TCP_CONG="cubic"
>  CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  # CONFIG_DISCONTIGMEM_MANUAL is not set
>  # CONFIG_DISPLAY_SUPPORT is not set
>  # CONFIG_DM9000 is not set
> diff --git a/debian/config/i386/config b/debian/config/i386/config
> index 5bf3ca3..36b6132 100644
> --- a/debian/config/i386/config
> +++ b/debian/config/i386/config
> @@ -617,7 +617,7 @@ CONFIG_DEFXX=m
>  CONFIG_DELL_RBU=m
>  CONFIG_DEPCA=m
>  CONFIG_DETECT_SOFTLOCKUP=y
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  CONFIG_DEVPORT=y
>  CONFIG_DEV_APPLETALK=m
>  CONFIG_DE_AOC=y
> diff --git a/debian/config/lpia/config b/debian/config/lpia/config
> index dec47a5..35137bb 100644
> --- a/debian/config/lpia/config
> +++ b/debian/config/lpia/config
> @@ -555,7 +555,7 @@ CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
>  CONFIG_DELL_RBU=m
>  CONFIG_DEPCA=m
>  CONFIG_DETECT_SOFTLOCKUP=y
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  CONFIG_DEVPORT=y
>  CONFIG_DIGIEPCA=m
>  # CONFIG_DISCONTIGMEM_MANUAL is not set

ACK

--
Tim Gardner [hidden email]

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 1/1] UBUNTU: Disable DEVKMEM for all archs on Intrepid

Tim Gardner-2
In reply to this post by Amit Kucheria-6
Amit Kucheria wrote:

> Enabling /dev/kmem is a security risk. Disable it for all kernel flavours.
>
> Signed-off-by: Amit Kucheria <[hidden email]>
> ---
>  debian/config/amd64/config |    2 +-
>  debian/config/i386/config  |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/debian/config/amd64/config b/debian/config/amd64/config
> index ff25c42..19641ab 100644
> --- a/debian/config/amd64/config
> +++ b/debian/config/amd64/config
> @@ -566,7 +566,7 @@ CONFIG_DEFXX=m
>  # CONFIG_DEFXX_MMIO is not set
>  CONFIG_DELL_RBU=m
>  CONFIG_DETECT_SOFTLOCKUP=y
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  CONFIG_DEVPORT=y
>  CONFIG_DEV_APPLETALK=m
>  CONFIG_DE_AOC=y
> diff --git a/debian/config/i386/config b/debian/config/i386/config
> index 2e3116c..29f7ac4 100644
> --- a/debian/config/i386/config
> +++ b/debian/config/i386/config
> @@ -594,7 +594,7 @@ CONFIG_DEFXX=m
>  CONFIG_DELL_RBU=m
>  CONFIG_DEPCA=m
>  CONFIG_DETECT_SOFTLOCKUP=y
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  CONFIG_DEVPORT=y
>  CONFIG_DEV_APPLETALK=m
>  CONFIG_DE_AOC=y

ACK

--
Tim Gardner [hidden email]

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team