Re: [PATCH] x86: Lock down MSR writing in secure boot
[Posted March 12, 2013 by mkerrisk]
| From: |
| Matthew Garrett <matthew.garrett-AT-nebula.com> |
| To: |
| "H. Peter Anvin" <hpa-AT-zytor.com> |
| Subject: |
| Re: [PATCH] x86: Lock down MSR writing in secure boot |
| Date: |
| Wed, 13 Feb 2013 17:26:39 +0000 |
| Message-ID: |
| <1360776399.18083.39.camel@x230.lan> |
| Cc: |
| Borislav Petkov <bp-AT-alien8.de>, Kees Cook <keescook-AT-chromium.org>,
LKML <linux-kernel-AT-vger.kernel.org>,
Thomas Gleixner <tglx-AT-linutronix.de>,
Ingo Molnar <mingo-AT-redhat.com>,
"x86-AT-kernel.org" <x86-AT-kernel.org>,
"linux-efi-AT-vger.kernel.org" <linux-efi-AT-vger.kernel.org>,
linux-security-module <linux-security-module-AT-vger.kernel.org> |
| Archive‑link: | |
Article |
On Wed, 2013-02-13 at 09:20 -0800, H. Peter Anvin wrote:
> Problem:
>
> Someone adds SYS_CAP_RAWIO to some places it definitely does not
> belong.
>
> Solution:
>
> Break all the *appropriate* (as defined)uses of SYS_CAP_RAWIO?
Problem:
CAP_SYS_RAWIO has been used in a bunch of arguably inappropriate places.
Removing CAP_SYS_RAWIO from the set of possible capabilities on a system
will prevent userspace from doing things that userspace should be
permitted to do. Removing CAP_SYS_RAWIO from the places that it
currently exists will allow userspace to do too much. Replacing
CAP_SYS_RAWIO with CAP_SYS_ADMIN will prevent userspace from doing
things that it can currently do.
Solution:
Admit that CAP_SYS_RAWIO is fucked up beyond rescue. Add a new
capability with well-defined semantics.
