2 files changed, 49 insertions, 0 deletions

diff --git a/kernel/kmod.c b/kernel/kmod.c
index 426a614e97fe..0c407f905ca4 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -528,7 +528,12 @@ struct subprocess_info *call_usermodehelper_setup(const char *path, char **argv,
                 goto out;
 
         INIT_WORK(&sub_info->work, call_usermodehelper_exec_work);
+
+#ifdef CONFIG_STATIC_USERMODEHELPER
+        sub_info->path = CONFIG_STATIC_USERMODEHELPER_PATH;
+#else
         sub_info->path = path;
+#endif
         sub_info->argv = argv;
         sub_info->envp = envp;
 
@@ -566,6 +571,15 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
                 retval = -EBUSY;
                 goto out;
         }
+
+        /*
+         * If there is no binary for us to call, then just return and get out of
+         * here.  This allows us to set STATIC_USERMODEHELPER_PATH to "" and
+         * disable all call_usermodehelper() calls.
+         */
+        if (strlen(sub_info->path) == 0)
+                goto out;
+
         /*
          * Set the completion pointer only if there is a waiter.
          * This makes it possible to use umh_complete to free
diff --git a/security/Kconfig b/security/Kconfig
index 118f4549404e..d900f47eaa68 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -158,6 +158,41 @@ config HARDENED_USERCOPY_PAGESPAN
           been removed. This config is intended to be used only while
           trying to find such users.
 
+config STATIC_USERMODEHELPER
+        bool "Force all usermode helper calls through a single binary"
+        help
+          By default, the kernel can call many different userspace
+          binary programs through the "usermode helper" kernel
+          interface.  Some of these binaries are statically defined
+          either in the kernel code itself, or as a kernel configuration
+          option.  However, some of these are dynamically created at
+          runtime, or can be modified after the kernel has started up.
+          To provide an additional layer of security, route all of these
+          calls through a single executable that can not have its name
+          changed.
+
+          Note, it is up to this single binary to then call the relevant
+          "real" usermode helper binary, based on the first argument
+          passed to it.  If desired, this program can filter and pick
+          and choose what real programs are called.
+
+          If you wish for all usermode helper programs are to be
+          disabled, choose this option and then set
+          STATIC_USERMODEHELPER_PATH to an empty string.
+
+config STATIC_USERMODEHELPER_PATH
+        string "Path to the static usermode helper binary"
+        depends on STATIC_USERMODEHELPER
+        default "/sbin/usermode-helper"
+        help
+          The binary called by the kernel when any usermode helper
+          program is wish to be run.  The "real" application's name will
+          be in the first argument passed to this program on the command
+          line.
+
+          If you wish for all usermode helper programs to be disabled,
+          specify an empty string here (i.e. "").
+
 source security/selinux/Kconfig
 source security/smack/Kconfig
 source security/tomoyo/Kconfig