Received: by 10.223.185.116 with SMTP id b49csp1114871wrg; Tue, 20 Feb 2018 13:38:38 -0800 (PST) X-Google-Smtp-Source: AH8x227fDELWl2tbkkSWoNSMzIy6/YOWCI4g9Sko9Cwox7u/ernv9Q4/MGr9hWG3mT7lURzUk3u9 X-Received: by 2002:a17:902:8bcb:: with SMTP id r11-v6mr922912plo.242.1519162718647; Tue, 20 Feb 2018 13:38:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519162718; cv=none; d=google.com; s=arc-20160816; b=SoONzStAbF5+3BNNWz0gZNva2NtRrwYgPio7i/F3I321iBDW82nvxiBKSHgPY5F0+U MhX6SpHY7uxNqleQE+Rb3WdYjvsjHyfoMm76WXeUrwg4hTOcXRPTkPnARj16bjpvuT39 ze1ZzCddISvGo/t+q4EHpKkMRzRlUHwW0Dv/TbihZCwFxYTdXzxZyKm1yM/P6JgOMN6f Of0l6eOI3P6PQ8protO1UKyNZ6pxEj2R3edkZb1ns5CWi1l5ay68iz6Fti/qQOypPQeY maHFJ4W1nuCEd2YKd2rBU7x3eaD2IRCv/Cfkbj9KjcxGHnvU28CINzraFEk3uX2AoGP5 pwVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=4XliSw/+x5mbjIgEiUc5bPxe/dYRB0N/QcEwl2NDQ6k=; b=IU1Lpca8jwlgV4koZTjqrezj88kjBZWhx9B20DMW+hXWEjVGYnvIhR2apzZtXqtIWH aWj/SOegrXpZDt3gqTuOrMXPajcNOHyfw9Jcor390yUr5ZGPgsDwqkJIjMGZl90+hHaw 647EjQwf+p4nAF2NqWYZL973Dln47gNFFYwbFuWYrq/geeKFzpBe3IGdE5Sb6IAhtPjl cPn2sbhK/Kt7+AZHSUpR3OuTYrtYdvBSCUJDdjfyIc4tDEiLdLUUkoZ5RwC8ZcK8loWW dnO6wfstVjdxdPDMNddcBsFa//BleBHkGgYO4LMf4KBNDnDtETq+MvWiHcE3LP1KE5fc diKQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OIXJLNLN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w10si137769pge.65.2018.02.20.13.38.24; Tue, 20 Feb 2018 13:38:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OIXJLNLN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751245AbeBTVfd (ORCPT + 99 others); Tue, 20 Feb 2018 16:35:33 -0500 Received: from mail-io0-f181.google.com ([209.85.223.181]:37885 "EHLO mail-io0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750710AbeBTVfc (ORCPT ); Tue, 20 Feb 2018 16:35:32 -0500 Received: by mail-io0-f181.google.com with SMTP id t126so16511409iof.4 for ; Tue, 20 Feb 2018 13:35:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4XliSw/+x5mbjIgEiUc5bPxe/dYRB0N/QcEwl2NDQ6k=; b=OIXJLNLN9wDS4Yx5AZ+aYQVfTgdDKzu+rtE/8X4TQV2u6x8VJ04TcvVVcOXz2TBcNE TurvLLXLayw+iZsoV9nz1Fi+VoHIHXdYct/0Pw9+9K5kiH/G7WeNbMcoFPgtgSwAnlh4 5ZmuFxi9uIZWrKrwT7bSDTTSMr9t632Lv5TNaIE/K1vxGUyIeKF1RHjMO8qzH5YchMjJ OEO05DgjOtEx2G9GNVkBgWYarBPED8LcaJeJFxSoBOXji/PuBr4dmF7Hqa8bN73eyzue 3eMH1KZTFPcWKCGsHuEqWkgJW163UbdGeQK0yTcHg3HPU3eFAgN4aw79krIHq83G5TNW bRNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4XliSw/+x5mbjIgEiUc5bPxe/dYRB0N/QcEwl2NDQ6k=; b=nZnABIUF6qh5QV5drVByW5mktN9qydQjagzamPkSRMEtZHWhqIzDpZoARuP/MGj19e 9OoKF5XI2EBaYEJt0r6WoMH38n3sSFGy5ZSzFieFN/eHgVBQgiOAoAMmvBw10ip8M+/D rntNZbp/tC1MBaCixRX4SIGFBjO0kWhEs46hEUVHOs9W2JtZBByfKpCZG/yyHidsM+Vn P7en9RhNeQaAwkJp1j/nbtXq/Rv6uX2FfQspdly9E1q++A0yCic0R5dUoGzjexAGWVJW +VIcM9TIsYA62kPkwMW5FOcZ/AT+xrz8guU+FZMX8roAt4b0cM7vpGAw4cYy+0rcorDw 0Q0g== X-Gm-Message-State: APf1xPBT8qNe4QGAyeKTHkGyisNvHOoNfRGb6s5QBiHHwqFuUjCqec2r kdDmDg8oqF7z0UaySFQU8CkvZHmp/I/oUIEfwOm3vA== X-Received: by 10.107.14.143 with SMTP id 137mr1421679ioo.43.1519162531073; Tue, 20 Feb 2018 13:35:31 -0800 (PST) MIME-Version: 1.0 References: <20180215182208.35003-1-joe.konno@linux.intel.com> <20180215182208.35003-2-joe.konno@linux.intel.com> <6680a760-eb30-4daf-2dad-a9628f1c15a8@kernel.org> <20180220211849.fqjb6rdmypl6opir@agluck-desk> <20180220213246.43y2vbiiikqyx2ys@agluck-desk> In-Reply-To: <20180220213246.43y2vbiiikqyx2ys@agluck-desk> From: Matthew Garrett Date: Tue, 20 Feb 2018 21:35:20 +0000 Message-ID: Subject: Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions To: tony.luck@intel.com Cc: Linus Torvalds , joe.konno@linux.intel.com, linux-efi , Linux Kernel Mailing List , Ard Biesheuvel , matthew.garrett@nebula.com, jk@ozlabs.org, ak@linux.intel.com, pjones@redhat.com, luto@kernel.org, James Bottomley Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 20, 2018 at 1:32 PM Luck, Tony wrote: > The immediate problem is the denial of service attack. I have > a nagging worry that allowing a user to cause an SMI at a precise > time might also be a problem. But I don't know how that could be > leveraged in some other attack. The thing that worries me here is that if it's possible for root to potentially attack the kernel then just changing the permissions is still allowing an escalation of privilege. The other approaches would also block this.