summaryrefslogtreecommitdiff
path: root/drivers/acpi/Kconfig
diff options
context:
space:
mode:
authorThomas Renninger <trenn@suse.de>2011-05-26 12:26:24 +0200
committerLen Brown <len.brown@intel.com>2011-05-29 01:50:40 -0400
commit526b4af47f44148c9d665e57723ed9f86634c6e3 (patch)
tree7906a3b45703aa730d5e7ebadc36a55aee5417ca /drivers/acpi/Kconfig
parentaecad432fd68dafa5b3b497c4816fbfce6fd4066 (diff)
downloadlinux-stable-526b4af47f44148c9d665e57723ed9f86634c6e3.tar.gz
linux-stable-526b4af47f44148c9d665e57723ed9f86634c6e3.tar.bz2
linux-stable-526b4af47f44148c9d665e57723ed9f86634c6e3.zip
ACPI: Split out custom_method functionality into an own driver
With /sys/kernel/debug/acpi/custom_method root can write to arbitrary memory and increase his priveleges, even if these are restricted. -> Make this an own debug .config option and warn about the security issue in the config description. -> Still keep acpi/debugfs.c which now only creates an empty /sys/kernel/debug/acpi directory. There might be other users of it later. Signed-off-by: Thomas Renninger <trenn@suse.de> Acked-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: rui.zhang@intel.com Signed-off-by: Len Brown <len.brown@intel.com>
Diffstat (limited to 'drivers/acpi/Kconfig')
-rw-r--r--drivers/acpi/Kconfig15
1 files changed, 15 insertions, 0 deletions
diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig
index 3a17ca5fff6f..d918e130bef3 100644
--- a/drivers/acpi/Kconfig
+++ b/drivers/acpi/Kconfig
@@ -380,6 +380,21 @@ config ACPI_HED
which is used to report some hardware errors notified via
SCI, mainly the corrected errors.
+config ACPI_CUSTOM_METHOD
+ tristate "Allow ACPI methods to be inserted/replaced at run time"
+ depends on DEBUG_FS
+ default n
+ help
+ This debug facility allows ACPI AML methods to me inserted and/or
+ replaced without rebooting the system. For details refer to:
+ Documentation/acpi/method-customizing.txt.
+
+ NOTE: This option is security sensitive, because it allows arbitrary
+ kernel memory to be written to by root (uid=0) users, allowing them
+ to bypass certain security measures (e.g. if root is not allowed to
+ load additional kernel modules after boot, this feature may be used
+ to override that restriction).
+
source "drivers/acpi/apei/Kconfig"
endif # ACPI