git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit

author	Tyler Hicks <tyhicks@canonical.com>
	Fri, 7 Feb 2020 20:39:26 +0000 (20:39 +0000)
committer	Paolo Pisati <paolo.pisati@canonical.com>
	Mon, 17 Feb 2020 17:04:31 +0000 (18:04 +0100)
commit	64bb190046daa902ae4f3193acad2022bb6fa916
tree	8ce91686dfdfe6dad395c5ca034b5de8f2423ebd	tree
parent	d246a6cfe782fc23078c006b8d85154a7f3266a6	commit \| diff

Revert "UBUNTU: SAUCE: (lockdown) Add a SysRq option to lift kernel lockdown"

BugLink: https://bugs.launchpad.net/bugs/1861238
This reverts commit de4a78d3b642e5504b28e901b07eb4da6784dd3d.

The original intent behind Lockdown's SysRq support was that the SysRq
command to lift Lockdown would only be honored if the command was
physically entered on a keyboard. Attempts to synthetically generate the
SysRq command, by a software program, were to be ignored since software,
even running as root, must not have the authorization to lift Lockdown.

Unfortunately, attempts to detect a synthetic SysRq command can be
thwarted by a privileged process that is able to set up a USB/IP
connection as the USB/IP connection could be used to lift Lockdown.

Remove the ability to lift Lockdown using SysRq.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Sultan Alsawaf <sultan.alsawaf@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

arch/x86/include/asm/setup.h		diff \| blob \| blame \| history
debian.master/config/annotations		diff \| blob \| blame \| history
debian.master/config/config.common.ubuntu		diff \| blob \| blame \| history
drivers/input/misc/uinput.c		diff \| blob \| blame \| history
drivers/tty/sysrq.c		diff \| blob \| blame \| history
include/linux/input.h		diff \| blob \| blame \| history
include/linux/sysrq.h		diff \| blob \| blame \| history
kernel/debug/kdb/kdb_main.c		diff \| blob \| blame \| history
security/lockdown/Kconfig		diff \| blob \| blame \| history
security/lockdown/lockdown.c		diff \| blob \| blame \| history