Received: by 10.223.185.116 with SMTP id b49csp1179526wrg; Fri, 16 Feb 2018 14:00:34 -0800 (PST) X-Google-Smtp-Source: AH8x225YMeFjb3tBNkFnhYXX9W5P/qXBWmMdrljoOWG9TvnZkVBEyYSbNvQO+pEQZGjOgxUL58VJ X-Received: by 2002:a17:902:c5:: with SMTP id a63-v6mr7205729pla.391.1518818434097; Fri, 16 Feb 2018 14:00:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518818434; cv=none; d=google.com; s=arc-20160816; b=xro850LNZKxbYG9mpJJmEwWQjePDRpHSqvRnhMdC+XnBQ9SH1b8278mLyHZlShjtFm eVe1XuwVyLxIHb9dDHiBz2FfCcg2c53NjocB5AXoKl9mkfHX5lTceg1Yq2vBia2SjJiQ 926hvpXLMZ3gsLvUQWouoZM1y3neq5S6hUB0U5RTVilBx1twk1YTZJoduuPJfpOPSLOM J6vRrvYrEji6vpipx/PTWVOW02U5rZ71480GJVMFYcH2c8FqqOiEHYbPXpcdYw31RS4e 65II+j2xXKxjnH2Tyjlw5U3X/CuIXKFfR5HFlwTtdEphm2xdEoPIM3kUSQHr2BdICrLx 9JdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=UFLajVl3AgWGB3iLzx7U3t9cz+u1vqbKmKRJ3UjYBlk=; b=z3Ek2zgBM41mVIbMGh7vnuDOiXYMHS3EyIx+bl0y0ZJP8NljAlb/3WjSjx72+bdjSx ZAs146l/k+Js6sK7RTGze4bwRqEhrHo3CeQzs/0yK/XtAR5lZ0DvNxoMKtZFSCoJj4q8 rvrhBkrELjYnJrY/+MhhDrNsk0QfMJqjV/DhC9rm2UfiZZT13Hps1m3D5ngpvz7vtVPu f7qUs+0Av1OdnX9NMmedd0kOAfkIJ4WaCCw83GK1JvWnGzVGnxvaswOWKQv59FC9pCj8 ZFv4zKaRLwLDoBHw1LaAj61A3s0NcF9S3cBLLSYnYUQM2E4M/bsoXxRQqU0mJ6RuTh32 xIuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=b/e3mISu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g1-v6si1821159pld.236.2018.02.16.14.00.19; Fri, 16 Feb 2018 14:00:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=b/e3mISu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750955AbeBPV6t (ORCPT + 99 others); Fri, 16 Feb 2018 16:58:49 -0500 Received: from mail-it0-f45.google.com ([209.85.214.45]:50752 "EHLO mail-it0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750808AbeBPV6r (ORCPT ); Fri, 16 Feb 2018 16:58:47 -0500 Received: by mail-it0-f45.google.com with SMTP id y16so3405845itc.0 for ; Fri, 16 Feb 2018 13:58:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UFLajVl3AgWGB3iLzx7U3t9cz+u1vqbKmKRJ3UjYBlk=; b=b/e3mISuiesU3iQc0gwfaWwWw/gEFJGpPgzkXMsPDC+8S0AwwowhVX5+cM7upW3I2m uRTkYDi8hwrybPLoJSXpgtv+SYssc9/gdgDdhRqfbvs2TZ9uHys9n8KC2AiMU8IMLw1M cAteDCf/oZA4y53d0hohsSDakpkb7UFl7Lt5tKWIKJ10eRlikWNYYCfNQMXXduLFPmyU 7ksWW6m4etrCblzRtIEZnXGFJek0z81e1HNHlWO1GFOvNmrjzqKgSrhMaPRBYgQGIyq/ h5rO6vGdTl8jhUKTD118eps744IHyvorEoTKrkQJbO7clY7y+eIGNDTq4GvLf7Oi9GpT +gzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UFLajVl3AgWGB3iLzx7U3t9cz+u1vqbKmKRJ3UjYBlk=; b=UlKI2qY/3sUdjNHQrgaDB44kR/B14KIDfS9X92nhC7NO6gODNNTN6Y2jrR4VaxPoCe cttjrzaHRFMUQ+fIz0Lx9u3CURTHbUIIDLhSO2knbwWXMtvJXt1WTK73sDmtaF0F/AQD je/B6GepzQ0CN3FNA4CzSFIJ8mR7470rfQka04AGgSGDVr9UMn+nlsLObb+xOQrxq3v7 paWKJ2kVWVaJ1aftLopfW+4XcYqWn2oJg/DIjmzPQkQfKh3SC2NfbTG8gloAndoIaW5J 0aUaKeyIw2a//aUTuxTlPTJMqS6e923TXhh2/VSMe0V2TgTzlCur7Sne+joCeqohB/j1 Axwg== X-Gm-Message-State: APf1xPBlX6d4AeIhlY5ou3cIq5zuShMD9aNF/qKzHAfsIeTjXKXFm+Gt 7WfDFIwPWEi3ay2ucGZR6jr+W3Xvj+13qgn+JEbqbQ== X-Received: by 10.36.199.194 with SMTP id t185mr8715576itg.152.1518818326493; Fri, 16 Feb 2018 13:58:46 -0800 (PST) MIME-Version: 1.0 References: <20180215182208.35003-1-joe.konno@linux.intel.com> <1518814319.4419.10.camel@HansenPartnership.com> <3908561D78D1C84285E8C5FCA982C28F7B37942B@ORSMSX110.amr.corp.intel.com> In-Reply-To: From: Matthew Garrett Date: Fri, 16 Feb 2018 21:58:35 +0000 Message-ID: Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs To: luto@kernel.org Cc: tony.luck@intel.com, James Bottomley , Ard Biesheuvel , joe.konno@linux.intel.com, mingo@kernel.org, bp@alien8.de, linux-efi , Linux Kernel Mailing List , jk@ozlabs.org, ak@linux.intel.com, benjamin.drung@profitbricks.com, pjones@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 16, 2018 at 1:45 PM Andy Lutomirski wrote: > I'm going to go out on a limb and suggest that the fact that > unprivileged users can read efi variables at all is a mistake > regardless of SMI issues. Why? They should never contain sensitive material. > Also, chmod() just shouldn't work on efi variables, and the mode > passed to creat() should be ignored. After all, there's no backing > store for the mode. If the default is 600 then it makes sense to allow a privileged service to selectively make certain variables world readable at runtime.