From: Andy Lutomirski
Date: Sat, 17 Feb 2018 18:12:18 +0000
Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs
To: Matthew Garrett
Cc: Tony Luck, Andrew Lutomirski, James Bottomley, Ard Biesheuvel, Joe Konno, Ingo Molnar, Borislav Petkov, linux-efi, Linux Kernel Mailing List, Jeremy Kerr, Andi Kleen, Benjamin Drung, Peter Jones
References: <20180215182208.35003-1-joe.konno@linux.intel.com> <1518814319.4419.10.camel@HansenPartnership.com> <3908561D78D1C84285E8C5FCA982C28F7B37942B@ORSMSX110.amr.corp.intel.com> <3908561D78D1C84285E8C5FCA982C28F7B3795A3@ORSMSX110.amr.corp.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Feb 16, 2018 at 10:03 PM, Matthew Garrett wrote:
> On Fri, Feb 16, 2018 at 2:02 PM Luck, Tony wrote:
>
>> > If the default is 600 then it makes sense to allow a privileged service
>> > to selectively make certain variables world readable at runtime.
>
>> As soon as you make one variable world readable you are vulnerable to
>> a local user launching a DoS attack by reading that variable over and over
>> generating a flood of SMIs.
>
> I'm not terribly worried about untrusted users on my laptop, but I would
> prefer to run as little code as root as possible.

I think that, for the most part, systemwide configuration should not be
accessible to non-root. Unprivileged users, in general, have no legitimate
reason to know that my default boot is
Boot0000* Fedora HD(1,GPT,ee...,0x800,0x64000)/File(\EFI\fedora\shim.efi).
Even more so if I'm network booting.

Alternatively, we could call this a distro issue. Distros could easily
change the permissions on /sys/firmware/efi/efivars to disallow
unprivileged access.
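The Boot0000 entry quoted above is an EFI_LOAD_OPTION, stored in the variable Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c (EFI_GLOBAL_VARIABLE GUID) and exposed by efivarfs as a file whose first four bytes are the variable's attribute word, followed by the raw payload. The C program below is an added example, not code from this thread or from the kernel: it decodes a constructed in-memory image of that file into the fields efibootmgr prints (description, GPT partition, loader path), which is exactly the information an unprivileged read of /sys/firmware/efi/efivars hands out. It never opens efivarfs, so running it does not trigger the SMIs under discussion. The 0x7 attribute word, the 0xee.. partition GUID bytes and the sample layout are assumptions; the structure offsets follow the UEFI load option and device path definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EFIVARFS_ATTR_LEN 4          /* efivarfs prepends the 4-byte attribute word */
#define LOAD_OPTION_ACTIVE 0x1u
#define DP_TYPE_MEDIA 0x04           /* device path node: Type, SubType, Length (u16 LE) */
#define DP_SUB_HARDDRIVE 0x01        /* HD(...) node, fixed length 42 */
#define DP_SUB_FILEPATH 0x04         /* File(...) node, NUL-terminated UCS-2 path */
#define DP_TYPE_END 0x7f

struct load_option {
    uint32_t attributes;
    uint16_t fpl_len;                /* FilePathListLength */
    char description[64];            /* UCS-2 narrowed to ASCII */
    uint32_t part_number;
    uint64_t part_start, part_size;
    uint8_t mbr_type, sig_type;      /* MBRType: 2 = GPT; SignatureType: 2 = GUID */
    char file_path[128];
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)v); put16(p + 2, (uint16_t)(v >> 16)); }
static void put64(uint8_t *p, uint64_t v) { put32(p, (uint32_t)v); put32(p + 4, (uint32_t)(v >> 32)); }

/* Narrow NUL-terminated UCS-2LE to ASCII. Returns bytes consumed including the
 * terminator, or 0 if none lies within `avail` (truncated or hostile input). */
static size_t ucs2_to_ascii(const uint8_t *p, size_t avail, char *out, size_t outsz)
{
    size_t i, o = 0;
    for (i = 0; i + 1 < avail; i += 2) {
        uint16_t c = rd16(p + i);
        if (c == 0) { out[o] = '\0'; return i + 2; }
        if (o + 1 < outsz) out[o++] = c < 0x80 ? (char)c : '?';
    }
    return 0;
}

/* Decode a raw efivarfs Boot#### file image. Every length is checked against the
 * buffer, since the bytes come from firmware or from whoever could write the
 * variable. Returns 0 on success, -1 if malformed. */
int parse_boot_option(const uint8_t *buf, size_t len, struct load_option *lo)
{
    memset(lo, 0, sizeof *lo);
    if (len < EFIVARFS_ATTR_LEN + 6) return -1;
    const uint8_t *p = buf + EFIVARFS_ATTR_LEN;
    size_t n = len - EFIVARFS_ATTR_LEN, off, used;
    lo->attributes = rd32(p);
    lo->fpl_len = rd16(p + 4);
    used = ucs2_to_ascii(p + 6, n - 6, lo->description, sizeof lo->description);
    if (used == 0) return -1;
    off = 6 + used;
    if (off + lo->fpl_len > n) return -1;
    const uint8_t *dp = p + off, *end = dp + lo->fpl_len;
    while (dp + 4 <= end) {
        uint8_t type = dp[0], sub = dp[1];
        uint16_t nlen = rd16(dp + 2);
        if (nlen < 4 || (size_t)(end - dp) < nlen) return -1;
        if (type == DP_TYPE_END) break;
        if (type == DP_TYPE_MEDIA && sub == DP_SUB_HARDDRIVE && nlen == 42) {
            lo->part_number = rd32(dp + 4);
            lo->part_start = rd64(dp + 8);
            lo->part_size = rd64(dp + 16);      /* 16-byte partition signature at +24 */
            lo->mbr_type = dp[40]; lo->sig_type = dp[41];
        } else if (type == DP_TYPE_MEDIA && sub == DP_SUB_FILEPATH) {
            if (!ucs2_to_ascii(dp + 4, nlen - 4, lo->file_path, sizeof lo->file_path)) return -1;
        }
        dp += nlen;
    }
    return 0;
}

/* Constructed image (not captured from a real machine) of the entry quoted in the
 * mail: Boot0000* Fedora HD(1,GPT,...,0x800,0x64000)/File(\EFI\fedora\shim.efi).
 * The 0x7 efivarfs attribute word and the 0xee.. partition GUID are assumed. */
size_t build_sample_boot0000(uint8_t *out)
{
    static const char desc[] = "Fedora", path[] = "\\EFI\\fedora\\shim.efi";
    uint16_t plen = (uint16_t)(4 + 2 * (strlen(path) + 1));
    uint8_t *p = out, *fpl, *dp_start;
    size_t i;
    put32(p, 0x7); p += 4;                       /* NON_VOLATILE | BOOTSERVICE | RUNTIME */
    put32(p, LOAD_OPTION_ACTIVE); p += 4;
    fpl = p; p += 2;                             /* FilePathListLength, patched below */
    for (i = 0; i <= strlen(desc); i++) { put16(p, (uint8_t)desc[i]); p += 2; }
    dp_start = p;
    p[0] = DP_TYPE_MEDIA; p[1] = DP_SUB_HARDDRIVE; put16(p + 2, 42);
    put32(p + 4, 1); put64(p + 8, 0x800); put64(p + 16, 0x64000);
    memset(p + 24, 0xee, 16); p[40] = 2; p[41] = 2; p += 42;
    p[0] = DP_TYPE_MEDIA; p[1] = DP_SUB_FILEPATH; put16(p + 2, plen);
    for (i = 0; i <= strlen(path); i++) put16(p + 4 + 2 * i, (uint8_t)path[i]);
    p += plen;
    p[0] = DP_TYPE_END; p[1] = 0xff; put16(p + 2, 4); p += 4;
    put16(fpl, (uint16_t)(p - dp_start));
    return (size_t)(p - out);
}

int main(void)
{
    uint8_t buf[256]; struct load_option lo;
    if (parse_boot_option(buf, build_sample_boot0000(buf), &lo)) return 1;
    printf("Boot0000%s %s HD(%u,%s,0x%llx,0x%llx)/File(%s)\n",
           lo.attributes & LOAD_OPTION_ACTIVE ? "*" : "", lo.description, lo.part_number,
           lo.mbr_type == 2 ? "GPT" : "MBR", (unsigned long long)lo.part_start,
           (unsigned long long)lo.part_size, lo.file_path);
    return 0;
}
```

Every node length is bounded by FilePathListLength and by the buffer before it is used, and a description or path with no terminator is rejected rather than read past the end; that is the discipline any code consuming firmware-supplied variable data needs, whichever user is allowed to read it. On a live system the same bytes come from a single read() of the efivarfs file, which is the per-read SMI the patch series is concerned with, so a tool like this should read each variable once and cache the result rather than re-open it in a loop.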