Re: [PATCH] x86: Lock down MSR writing in secure boot
From: Casey Schaufler
Date: Wed Feb 13 2013 - 12:50:58 EST
On 2/13/2013 9:26 AM, Matthew Garrett wrote:
> On Wed, 2013-02-13 at 09:20 -0800, H. Peter Anvin wrote:
>> Someone adds SYS_CAP_RAWIO to some places it definitely does not
>> Break all the *appropriate* (as defined)uses of SYS_CAP_RAWIO?
> CAP_SYS_RAWIO has been used in a bunch of arguably inappropriate places.
> Removing CAP_SYS_RAWIO from the set of possible capabilities on a system
> will prevent userspace from doing things that userspace should be
> permitted to do. Removing CAP_SYS_RAWIO from the places that it
> currently exists will allow userspace to do too much. Replacing
> CAP_SYS_RAWIO with CAP_SYS_ADMIN will prevent userspace from doing
> things that it can currently do.
> Admit that CAP_SYS_RAWIO is fucked up beyond rescue. Add a new
> capability with well-defined semantics.
You can't add a new capability where there is an existing capability
that can be remotely argued to be appropriate.
If you tried to "fix" CAP_SYS_RAWIO and/or CAP_SYS_ADMIN you'd end
up with hundreds of capabilities.
Your particular problem is *not* so important that you get a
capability all to yourself.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/