[PATCH 1/1] UBUNTU: Disable DEVKMEM for all archs on Jaunty

Tim Gardner tim.gardner at canonical.com
Fri Apr 3 15:34:06 BST 2009


Amit Kucheria wrote:
> Bug: #354221
> 
> Enabling /dev/kmem is a security risk. Disable it for all kernel flavours.
> 
> Signed-off-by: Amit Kucheria <amit.kucheria at canonical.com>
> ---
>  debian/config/amd64/config |    2 +-
>  debian/config/armel/config |    2 +-
>  debian/config/i386/config  |    2 +-
>  debian/config/lpia/config  |    2 +-
>  4 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/debian/config/amd64/config b/debian/config/amd64/config
> index 809a65a..600f7d0 100644
> --- a/debian/config/amd64/config
> +++ b/debian/config/amd64/config
> @@ -586,7 +586,7 @@ CONFIG_DEFXX=m
>  # CONFIG_DEFXX_MMIO is not set
>  CONFIG_DELL_RBU=m
>  CONFIG_DETECT_SOFTLOCKUP=y
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  CONFIG_DEVPORT=y
>  CONFIG_DEV_APPLETALK=m
>  CONFIG_DE_AOC=y
> diff --git a/debian/config/armel/config b/debian/config/armel/config
> index 47bd110..de3a8d5 100644
> --- a/debian/config/armel/config
> +++ b/debian/config/armel/config
> @@ -102,7 +102,7 @@ CONFIG_CRYPTO_HW=y
>  # CONFIG_DEFAULT_NOOP is not set
>  CONFIG_DEFAULT_TCP_CONG="cubic"
>  CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  # CONFIG_DISCONTIGMEM_MANUAL is not set
>  # CONFIG_DISPLAY_SUPPORT is not set
>  # CONFIG_DM9000 is not set
> diff --git a/debian/config/i386/config b/debian/config/i386/config
> index 5bf3ca3..36b6132 100644
> --- a/debian/config/i386/config
> +++ b/debian/config/i386/config
> @@ -617,7 +617,7 @@ CONFIG_DEFXX=m
>  CONFIG_DELL_RBU=m
>  CONFIG_DEPCA=m
>  CONFIG_DETECT_SOFTLOCKUP=y
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  CONFIG_DEVPORT=y
>  CONFIG_DEV_APPLETALK=m
>  CONFIG_DE_AOC=y
> diff --git a/debian/config/lpia/config b/debian/config/lpia/config
> index dec47a5..35137bb 100644
> --- a/debian/config/lpia/config
> +++ b/debian/config/lpia/config
> @@ -555,7 +555,7 @@ CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
>  CONFIG_DELL_RBU=m
>  CONFIG_DEPCA=m
>  CONFIG_DETECT_SOFTLOCKUP=y
> -CONFIG_DEVKMEM=y
> +# CONFIG_DEVKMEM is not set
>  CONFIG_DEVPORT=y
>  CONFIG_DIGIEPCA=m
>  # CONFIG_DISCONTIGMEM_MANUAL is not set

ACK

-- 
Tim Gardner tim.gardner at canonical.com



More information about the kernel-team mailing list