Commit e464994b authored by Xiangyu Lu's avatar Xiangyu Lu Committed by Yi Yang
Browse files

security: restrict init parameters by configuration 

euler inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I8OYXL


CVE: NA

---------------------------------

Linux kernel allow to specify a single-user mode, or specify the init process by
init parameter, which could bypass the login authentication mechanisms, direct
access to root identify. Close init kernel boot parameters through
CONFIG_SECURITY_BOOT_INIT.

Signed-off-by: default avatarXiangyu Lu <luxiangyu@huawei.com>
Reviewed-by: default avatarWang Kai <morgan.wang@huawei.com>
Signed-off-by: default avatarWeilong Chen <chenweilong@huawei.com>
[hj: backport from hulk-3.10 for security enhancement]
Signed-off-by: default avatarHanjun Guo <hanjun.guo@linaro.org>
Signed-off-by: default avatargaobo <gaobo794@huawei.com>
Reviewed-by: default avatarJason Yan <yanaijie@huawei.com>
Signed-off-by: default avatarzhangyi (F) <yi.zhang@huawei.com>
Acked-by: default avatarXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: default avatarChen Jun <chenjun102@huawei.com>
Signed-off-by: default avatarYi Yang <yiyang13@huawei.com>
parent 80971b57
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment