APPLIED Re: [PATCH 1/1] Revert "UBUNTU: SAUCE: (lockdown) Add a SysRq option to lift kernel lockdown"
Paolo Pisati
paolo.pisati at canonical.com
Mon Feb 17 16:33:51 UTC 2020
On Fri, Feb 07, 2020 at 08:39:26PM +0000, Tyler Hicks wrote:
> BugLink: https://bugs.launchpad.net/bugs/1861238
>
> This reverts commit de4a78d3b642e5504b28e901b07eb4da6784dd3d.
>
> The original intent behind Lockdown's SysRq support was that the SysRq
> command to lift Lockdown would only be honored if the command was
> physically entered on a keyboard. Attempts to synthetically generate the
> SysRq command, by a software program, were to be ignored since software,
> even running as root, must not have the authorization to lift Lockdown.
>
> Unfortunately, attempts to detect a synthetic SysRq command can be
> thwarted by a privileged process that is able to set up a USB/IP
> connection as the USB/IP connection could be used to lift Lockdown.
>
> Remove the ability to lift Lockdown using SysRq.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Applied to Focal/linux
--
bye,
p.
More information about the kernel-team
mailing list