Component Type: kbuild config

Description: Force all usermode helper calls through a single binary

More info: By default, the kernel can call many different userspace binary programs through the "usermode helper" kernel interface. Some of these binaries are statically defined either in the kernel code itself, or as a kernel configuration option. However, some of these are dynamically created at runtime, or can be modified after the kernel has started up. To provide an additional layer of security, route all of these calls through a single executable that can not have its name changed. Note, it is up to this single binary to then call the relevant "real" usermode helper binary, based on the first argument passed to it. If desired, this program can filter and pick and choose what real programs are called. If you wish for all usermode helper programs are to be disabled, choose this option and then set STATIC_USERMODEHELPER_PATH to an empty string.

Build project: Kconfig (Linux kconfig) (Path: security\Kconfig )

Other views: file explorer