Re: [PATCH] x86: Lock down MSR writing in secure boot
From: Kees Cook
Date: Fri Feb 08 2013 - 14:21:48 EST
On Fri, Feb 8, 2013 at 11:17 AM, Matthew Garrett
<matthew.garrett@xxxxxxxxxx> wrote:
> On Fri, 2013-02-08 at 11:12 -0800, Kees Cook wrote:
>> Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is
>> set since it could lead to execution of arbitrary code in kernel mode.
>
> Willing to buy this, but do you have a description of one potential
> approach? We should probably also figure out what's writing to MSRs at
> the moment (anything other than energy_perf_bias?) and decide what the
> best thing to do there is.
Yes, change the SYSENTER entry point to where-ever you like. There are
examples already written:
http://grsecurity.net/~spender/msr32.c
IMO, _writing_ an MSR from userspace should be considered a bug. If
writing is needed, a kernel driver should be mediating the change.
wrmsr (and rdmsr) are ring-0 only for good reason. :)
-Kees
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/