Re: [PATCH] x86: Lock down MSR writing in secure boot
From: Matthew Garrett
Date: Wed Feb 13 2013 - 00:39:37 EST
On Tue, 2013-02-12 at 16:48 -0800, H. Peter Anvin wrote:
> OK... what none of this gets into:
> Why should CAP_RAWIO be allowed on a secure boot system, when there are
> 2^n known ways of compromise a system with CAP_RAWIO?
CAP_SYS_RAWIO seems to have ended up being a catchall of "Maybe someone
who isn't entirely root should be able to do this", and not everything
it covers is equivalent to being able to compromise the running kernel.
I wouldn't argue with the idea that maybe we should just reappraise most
of the current uses of CAP_SYS_RAWIO, but removing capability checks
from places that currently have them seems like an invitation for