[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 011/117] commands/hdparm: Restrict hdparm command when l
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 011/117] commands/hdparm: Restrict hdparm command when locked down |
Date: |
Tue, 2 Mar 2021 19:00:18 +0100 |
From: Javier Martinez Canillas <javierm@redhat.com>
The command can be used to get/set ATA disk parameters. Some of these can
be dangerous since change the disk behavior. Restrict it when locked down.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/hdparm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/grub-core/commands/hdparm.c b/grub-core/commands/hdparm.c
index d3fa9661e..2e2319e64 100644
--- a/grub-core/commands/hdparm.c
+++ b/grub-core/commands/hdparm.c
@@ -436,9 +436,9 @@ static grub_extcmd_t cmd;
GRUB_MOD_INIT(hdparm)
{
- cmd = grub_register_extcmd ("hdparm", grub_cmd_hdparm, 0,
- N_("[OPTIONS] DISK"),
- N_("Get/set ATA disk parameters."), options);
+ cmd = grub_register_extcmd_lockdown ("hdparm", grub_cmd_hdparm, 0,
+ N_("[OPTIONS] DISK"),
+ N_("Get/set ATA disk parameters."),
options);
}
GRUB_MOD_FINI(hdparm)
--
2.11.0
- [SECURITY PATCH 005/117] efi: Lockdown the GRUB when the UEFI Secure Boot is enabled, (continued)
- [SECURITY PATCH 005/117] efi: Lockdown the GRUB when the UEFI Secure Boot is enabled, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 003/117] kern: Add lockdown support, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 006/117] efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 008/117] mmap: Don't register cutmem and badram commands when lockdown is enforced, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 007/117] acpi: Don't register the acpi command when locked down, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 009/117] commands: Restrict commands that can load BIOS or DT blobs when locked down, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 010/117] commands/setpci: Restrict setpci command when locked down, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 012/117] gdb: Restrict GDB access when locked down, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 015/117] dl: Only allow unloading modules that are not dependencies, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 013/117] loader/xnu: Don't allow loading extension and packages when locked down, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 011/117] commands/hdparm: Restrict hdparm command when locked down,
Daniel Kiper <=
- [SECURITY PATCH 014/117] docs: Document the cutmem command, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 021/117] kern/efi: Fix memory leak on failure, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 019/117] net/tftp: Fix dangling memory pointer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 018/117] net/net: Fix possible dereference to of a NULL pointer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 024/117] gnulib/regcomp: Fix uninitialized token structure, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 020/117] kern/parser: Fix resource leak if argc == 0, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 022/117] kern/efi/mm: Fix possible NULL pointer dereference, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 025/117] gnulib/argp-help: Fix dereference of a possibly NULL state, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 016/117] usb: Avoid possible out-of-bound accesses caused by malicious devices, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 017/117] mmap: Fix memory leak when iterating over mapped memory, Daniel Kiper, 2021/03/02