Re: [PATCH] x86: Lock down MSR writing in secure boot

From: Matthew Garrett
Date: Wed Feb 13 2013 - 12:26:55 EST

Next message: Matthias Schniedermeyer: "Re: [regression] external HDD in USB3 enclosure cannot bedynamically removed (Re: Linux 3.7.5)"
Previous message: Vivek Goyal: "Re: [PATCH 2/2] ima: Support appraise_type=imasig_optional"
In reply to: H. Peter Anvin: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: Casey Schaufler: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2013-02-13 at 09:20 -0800, H. Peter Anvin wrote:

> Problem:
>
> Someone adds SYS_CAP_RAWIO to some places it definitely does not
> belong.
>
> Solution:
>
> Break all the *appropriate* (as defined)uses of SYS_CAP_RAWIO?

Problem:

CAP_SYS_RAWIO has been used in a bunch of arguably inappropriate places.
Removing CAP_SYS_RAWIO from the set of possible capabilities on a system
will prevent userspace from doing things that userspace should be
permitted to do. Removing CAP_SYS_RAWIO from the places that it
currently exists will allow userspace to do too much. Replacing
CAP_SYS_RAWIO with CAP_SYS_ADMIN will prevent userspace from doing
things that it can currently do.

Solution:

Admit that CAP_SYS_RAWIO is fucked up beyond rescue. Add a new
capability with well-defined semantics.
èº{.nÇ+‰·Ÿ®‰†+%ŠËlzwm…ébëæìr¸›zX§»®w¥Š{ayºÊÚë,j¢f£¢·hš‹àz¹®w¥¢¸¢·¦j:+v‰¨ŠwèjØm¶Ÿÿ¾«‘êçzZ+ƒùšŽŠÝj"ú!¶iO•æ¬z·švØ^¶m§ÿðÃnÆàþY&—

Next message: Matthias Schniedermeyer: "Re: [regression] external HDD in USB3 enclosure cannot bedynamically removed (Re: Linux 3.7.5)"
Previous message: Vivek Goyal: "Re: [PATCH 2/2] ima: Support appraise_type=imasig_optional"
In reply to: H. Peter Anvin: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: Casey Schaufler: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]