lockdown: Lock down TIOCSSERIAL Lock down TIOCSSERIAL as that can be used to change the ioport and irq settings on a serial port. This only appears to be an issue for the serial drivers that use the core serial code. All other drivers seem to either ignore attempts to change port/irq or give an error. Reported-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> cc: Jiri Slaby <jslaby@suse.com> Cc: linux-serial@vger.kernel.org Signed-off-by: James Morris <jmorris@namei.org>

commit: 794edf30ee6cd088d5f4079b1d4a4cfe5371203e [log] [tgz]
author: David Howells <dhowells@redhat.com> Mon Aug 19 17:17:54 2019 -0700
committer: James Morris <jmorris@namei.org> Mon Aug 19 21:54:16 2019 -0700
tree: 334e6911930274ad592b1620fc0a385f2d532835
parent: 3f19cad3fa0d0fff18ee126f03a80420ae7bcbc9 [diff] [blame]
diff --git a/include/linux/security.h b/include/linux/security.h
index 683f060..b4a85ba 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h

@@ -112,6 +112,7 @@ enum lockdown_reason {
 	LOCKDOWN_MSR,
 	LOCKDOWN_ACPI_TABLES,
 	LOCKDOWN_PCMCIA_CIS,
+	LOCKDOWN_TIOCSSERIAL,
 	LOCKDOWN_INTEGRITY_MAX,
 	LOCKDOWN_CONFIDENTIALITY_MAX,
 };
commit	794edf30ee6cd088d5f4079b1d4a4cfe5371203e	[log] [tgz]
author	David Howells <dhowells@redhat.com>	Mon Aug 19 17:17:54 2019 -0700
committer	James Morris <jmorris@namei.org>	Mon Aug 19 21:54:16 2019 -0700
tree	334e6911930274ad592b1620fc0a385f2d532835
parent	3f19cad3fa0d0fff18ee126f03a80420ae7bcbc9 [diff] [blame]