path: root/Documentation/acpi
diff options
authorThomas Renninger <trenn@suse.de>2011-05-26 12:26:24 +0200
committerLen Brown <len.brown@intel.com>2011-05-29 01:50:40 -0400
commit526b4af47f44148c9d665e57723ed9f86634c6e3 (patch)
tree7906a3b45703aa730d5e7ebadc36a55aee5417ca /Documentation/acpi
parentaecad432fd68dafa5b3b497c4816fbfce6fd4066 (diff)
ACPI: Split out custom_method functionality into an own driver
With /sys/kernel/debug/acpi/custom_method root can write to arbitrary memory and increase his priveleges, even if these are restricted. -> Make this an own debug .config option and warn about the security issue in the config description. -> Still keep acpi/debugfs.c which now only creates an empty /sys/kernel/debug/acpi directory. There might be other users of it later. Signed-off-by: Thomas Renninger <trenn@suse.de> Acked-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: rui.zhang@intel.com Signed-off-by: Len Brown <len.brown@intel.com>
Diffstat (limited to 'Documentation/acpi')
1 files changed, 5 insertions, 0 deletions
diff --git a/Documentation/acpi/method-customizing.txt b/Documentation/acpi/method-customizing.txt
index 3e1d25aee3f..5f55373dd53 100644
--- a/Documentation/acpi/method-customizing.txt
+++ b/Documentation/acpi/method-customizing.txt
@@ -66,3 +66,8 @@ Note: We can use a kernel with multiple custom ACPI method running,
But each individual write to debugfs can implement a SINGLE
method override. i.e. if we want to insert/override multiple
ACPI methods, we need to redo step c) ~ g) for multiple times.
+Note: Be aware that root can mis-use this driver to modify arbitrary
+ memory and gain additional rights, if root's privileges got
+ restricted (for example if root is not allowed to load additional
+ modules after boot).