The kernel commandline used to change LSM parameters is exposed to
sysfs, which does not enforce defined DAC permissions. As a result,
it was possible to disable module locking after boot:

# cd /sys/module/lsm/parameters
# ls -l module_locking
-r-------- 1 root root 4096 Dec 10 14:31
# echo 0 > module_locking
-bash: module_locking: Permission denied
# chmod u+w module_locking
# echo 0 > module_locking
# insmod /tmp/evil.ko
# echo $?
0

BUG=chromium:440990
TEST=test image (with rootfs verification) now ignores sysfs fiddling
Change-Id: Ibdda085960f7bb6bbd1e20c7cbe6678f1d0286cf
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/234550
Reviewed-by: Will Drewry <wad@chromium.org>
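The session above shows the weak spot: a 0400 parameter file under /sys/module only has DAC protecting it, so root can chmod it and write a new value. The shell snippet below is an added example, not code from this commit or from the Chromium OS tree, that gives a defender an after-the-fact check for exactly that: it snapshots the mode of every sysfs module parameter at a known-good point and later reports any file whose mode changed (a runtime `chmod u+w module_locking` shows up as `400 -> 600`). It assumes GNU or busybox `stat` with `-c '%a'` and a POSIX awk; the tree root is a parameter so the functions can also be exercised on a constructed directory, which is what the check at the bottom does.

```shell
#!/bin/sh
# Added example, not part of the commit: audit helper that snapshots the file
# modes of sysfs module parameters and later reports any that changed.
# Assumes stat -c '%a %n' (GNU/busybox) and a POSIX awk.

# Print "mode path" for every file under <root>/*/parameters/, sorted by path.
snapshot_param_modes() {
    find "$1" -path '*/parameters/*' -type f -exec stat -c '%a %n' {} + \
        | LC_ALL=C sort -k2
}

# Compare the live tree against a baseline written by snapshot_param_modes.
# Prints "path: old -> new" for each changed mode and returns 1 if any changed.
# Parameters absent from the baseline (a module loaded after the snapshot) are
# reported as "(not in baseline)" but do not by themselves fail the check.
check_param_modes() {
    baseline=$1
    root=$2
    snapshot_param_modes "$root" | awk '
        NR == FNR { base[$2] = $1; next }
        !($2 in base) { print $2 ": " $1 " (not in baseline)"; next }
        base[$2] != $1 { print $2 ": " base[$2] " -> " $1; changed = 1 }
        END { exit changed ? 1 : 0 }
    ' "$baseline" -
}

# Typical use on a live system (as root):
#   snapshot_param_modes /sys/module > /var/lib/param-modes.baseline   # at boot
#   check_param_modes /var/lib/param-modes.baseline /sys/module        # later, from cron
```

The baseline has to live somewhere the same root user cannot quietly rewrite (a read-only partition, or off-host), otherwise an attacker who can chmod the parameter can also fix up the baseline; and since sysfs modes reset on reboot, the snapshot must be taken after all modules of interest have loaded. This is only a detection aid for the symptom shown in the session; the durable fix is the one this commit makes in the kernel, making the parameter ignore such writes rather than relying on DAC.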