LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [PATCH] x86: Lock down MSR writing in secure boot

[Posted March 12, 2013 by mkerrisk]

From:  Matthew Garrett <matthew.garrett-AT-nebula.com>
To:  "H. Peter Anvin" <hpa-AT-zytor.com>
Subject:  Re: [PATCH] x86: Lock down MSR writing in secure boot
Date:  Wed, 13 Feb 2013 05:39:22 +0000
Message-ID:  <1360733962.18083.30.camel@x230.lan>
Cc:  Borislav Petkov <bp-AT-alien8.de>, Kees Cook <keescook-AT-chromium.org>, LKML <linux-kernel-AT-vger.kernel.org>, Thomas Gleixner <tglx-AT-linutronix.de>, Ingo Molnar <mingo-AT-redhat.com>, "x86-AT-kernel.org" <x86-AT-kernel.org>, "linux-efi-AT-vger.kernel.org" <linux-efi-AT-vger.kernel.org>, linux-security-module <linux-security-module-AT-vger.kernel.org>
Archive-link:  Article, Thread 

On Tue, 2013-02-12 at 16:48 -0800, H. Peter Anvin wrote:

> OK... what none of this gets into:
> 
> Why should CAP_RAWIO be allowed on a secure boot system, when there are
> 2^n known ways of compromise a system with CAP_RAWIO?

CAP_SYS_RAWIO seems to have ended up being a catchall of "Maybe someone
who isn't entirely root should be able to do this", and not everything
it covers is equivalent to being able to compromise the running kernel.
I wouldn't argue with the idea that maybe we should just reappraise most
of the current uses of CAP_SYS_RAWIO, but removing capability checks
from places that currently have them seems like an invitation for
userspace breakage.
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds