From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754420AbaCMV1K (ORCPT); Thu, 13 Mar 2014 17:27:10 -0400
Received: from lxorguk.ukuu.org.uk ([81.2.110.251]:35571 "EHLO lxorguk.ukuu.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752392AbaCMV1G (ORCPT); Thu, 13 Mar 2014 17:27:06 -0400
Date: Thu, 13 Mar 2014 21:26:47 +0000
From: One Thousand Gnomes
To: Matthew Garrett
Cc: "jmorris@namei.org", "linux-kernel@vger.kernel.org", "keescook@chromium.org", "linux-security-module@vger.kernel.org", "akpm@linux-foundation.org", "hpa@zytor.com", "jwboyer@fedoraproject.org", "linux-efi@vger.kernel.org", "gregkh@linuxfoundation.org"
Subject: Re: Trusted kernel patchset for Secure Boot lockdown
Message-ID: <20140313212647.7412aadf@alan.etchedpixels.co.uk>
In-Reply-To: <1394726363.25122.16.camel@x230>
References: <1393445473-15068-1-git-send-email-matthew.garrett@nebula.com> <1394686919.25122.2.camel@x230> <1394726363.25122.16.camel@x230>
Organization: Intel Corporation
X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

> On the other hand, disabling CAP_SYS_RAWIO *definitely* breaks expected
> functionality - firmware loading and the fibmap ioctl are probably the
> most obvious. And changing the use of CAP_SYS_RAWIO potentially breaks
> userspace expectations, so we're kind of stuck there.

Actually I know how to describe the problem better. Whitelist v Blacklist.

Going around adding extra cases for CAP_SYS_RAWIO is a 'fails insecure' model.
Going around adding CAP_SYS_RAWIO || CAP_SYS_RAWIO_SEC is a 'fails secure' case.
Alan
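The two retrofit strategies Alan contrasts, modelled in user space as an added example (not code from the thread, the patchset or the kernel). It reads the mail this way: in the blacklist model CAP_SYS_RAWIO keeps its meaning and an extra lockdown refusal is added at each site an audit flags as dangerous, so an unaudited site stays open; in the whitelist model lockdown withdraws CAP_SYS_RAWIO from every site and only sites the audit flags as benign are relaxed to `CAP_SYS_RAWIO || CAP_SYS_RAWIO_SEC`, so an unaudited site is refused. CAP_SYS_RAWIO_SEC is the name used in the mail and does not exist in the kernel; the operation table, the `audited` flag and the `capable()` stand-in are constructed for the demonstration.

```c
/* Added example, not from the thread or the kernel: a user-space model of
 * the blacklist ("fails insecure") and whitelist ("fails secure") ways to
 * retrofit a Secure Boot lockdown onto CAP_SYS_RAWIO checks. The
 * capability CAP_SYS_RAWIO_SEC is hypothetical; the op table is constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CAP_SYS_RAWIO      (1u << 0)
#define CAP_SYS_RAWIO_SEC  (1u << 1)   /* hypothetical, named in the mail */

struct op {
    const char *name;
    bool dangerous;  /* ground truth: can the op subvert the running kernel? */
    bool audited;    /* did the lockdown patch series visit this call site? */
};

/* Constructed sample of call sites that today check CAP_SYS_RAWIO. */
static const struct op ops[] = {
    { "/dev/mem write",       true,  true  },
    { "iopl/ioperm",          true,  true  },
    { "FIBMAP ioctl",         false, true  },
    { "firmware loading",     false, true  },
    { "new driver raw ioctl", true,  false }, /* merged after the audit */
};
#define NOPS (sizeof ops / sizeof ops[0])

/* capable() as a call site sees it under the whitelist model: lockdown
 * withdraws CAP_SYS_RAWIO from everyone, CAP_SYS_RAWIO_SEC survives. */
static bool capable(unsigned caps, unsigned cap, bool lockdown)
{
    if (lockdown && cap == CAP_SYS_RAWIO)
        return false;
    return (caps & cap) != 0;
}

/* Blacklist: an explicit "if (lockdown) return -EPERM" exists only at the
 * sites the audit flagged as dangerous; a site the audit missed stays open. */
bool blacklist_allows(const struct op *o, unsigned caps, bool lockdown)
{
    if (lockdown && o->audited && o->dangerous)
        return false;
    return (caps & CAP_SYS_RAWIO) != 0;
}

/* Whitelist: every site loses CAP_SYS_RAWIO under lockdown; only sites the
 * audit flagged as benign were relaxed to "RAWIO || RAWIO_SEC". A site the
 * audit missed is refused: functionality breaks, the lockdown does not. */
bool whitelist_allows(const struct op *o, unsigned caps, bool lockdown)
{
    if (o->audited && !o->dangerous)
        return capable(caps, CAP_SYS_RAWIO, lockdown) ||
               capable(caps, CAP_SYS_RAWIO_SEC, lockdown);
    return capable(caps, CAP_SYS_RAWIO, lockdown);
}

typedef bool (*policy_fn)(const struct op *, unsigned, bool);

const struct op *find_op(const char *name)
{
    for (size_t i = 0; i < NOPS; i++)
        if (strcmp(ops[i].name, name) == 0)
            return &ops[i];
    return NULL;
}

/* Dangerous operations the policy still permits under lockdown to a
 * caller holding the given capability set. */
int dangerous_allowed(policy_fn policy, unsigned caps)
{
    int n = 0;
    for (size_t i = 0; i < NOPS; i++)
        if (ops[i].dangerous && policy(&ops[i], caps, true))
            n++;
    return n;
}

int main(void)
{
    unsigned root = CAP_SYS_RAWIO | CAP_SYS_RAWIO_SEC;  /* full-capability caller */

    printf("%-24s %-10s %-10s\n", "op (lockdown on)", "blacklist", "whitelist");
    for (size_t i = 0; i < NOPS; i++)
        printf("%-24s %-10s %-10s\n", ops[i].name,
               blacklist_allows(&ops[i], root, true) ? "allowed" : "refused",
               whitelist_allows(&ops[i], root, true) ? "allowed" : "refused");
    printf("dangerous ops still open: blacklist %d, whitelist %d\n",
           dangerous_allowed(blacklist_allows, root),
           dangerous_allowed(whitelist_allows, root));
    return 0;
}
```

The unaudited "new driver raw ioctl" row is the whole argument: the blacklist model leaves it open under lockdown, the whitelist model refuses it. The cost of the whitelist model shows in the same table if the caller lacks CAP_SYS_RAWIO_SEC: audited benign sites such as FIBMAP are then refused too, which is the userspace breakage the quoted paragraph worries about.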