From: Linus Torvalds <torvalds@linux-foundation.org>
To: "Luck, Tony" <tony.luck@intel.com>
Cc: Joe Konno <joe.konno@linux.intel.com>,
linux-efi@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Matthew Garrett <matthew.garrett@nebula.com>,
Jeremy Kerr <jk@ozlabs.org>, Andi Kleen <ak@linux.intel.com>,
Matthew Garrett <mjg59@google.com>,
Peter Jones <pjones@redhat.com>,
Andy Lutomirski <luto@kernel.org>,
James Bottomley <james.bottomley@hansenpartnership.com>
Subject: Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions
Date: Tue, 20 Feb 2018 14:01:51 -0800 [thread overview]
Message-ID: <CA+55aFzjyB=E+=q-W9oYZ7Py7nJwm8YQHFjfbWTib6wvkP9B_A@mail.gmail.com> (raw)
In-Reply-To: <20180220211849.fqjb6rdmypl6opir@agluck-desk>
On Tue, Feb 20, 2018 at 1:18 PM, Luck, Tony <tony.luck@intel.com> wrote:
> ...
>> > - inode = efivarfs_get_inode(sb, d_inode(root), S_IFREG | 0644, 0,
>> > + inode = efivarfs_get_inode(sb, d_inode(root), S_IFREG | 0600, 0,
>> > is_removable);
>
> Linus,
>
> Does this rate an exception to the "don't break userspace" for a security issue?
I have a hard time judging, since I don't know what the breakage is.
_Theoretical_ breakage doesn't matter.
But yes, if it's actually part of some regular use flow, then it
matters, and we should not do this change. It's not a real security
issue, afaik.
I do think that we might need to just extend on the whitelist for efi
variables we _already_ have for other reasons. I'm talking about that
whole variable_validate[] array.
Which variables are actually used by user space tools? It sounds like
it may be exactly those boot order things that we already have flags
and special behavior for.
And no, I don't believe in the "SMI can trigger a DoS" argument. Those
garbage efivars that *do* trigger SMI's should me marked and shamed,
and maybe _they_ need to be added to the list of things that you
should look out for. Root or not.
And just on general principlies, I don't want to see weasel-wordy
commit messages like
"Reading certain EFI variables trigger SMIs"
I understand *writing* them causing SMI's due to some flash protection
scheme. What's the reading thing? And why aren't we calling that
garbage out?
So even if we do need to limit reading, I want out comments (in core
or commits) to actually explain *Why*., instead of this kind of
non-specific fear-mongering that nobody can really say yay or nay
about.
Linus
next prev parent reply other threads:[~2018-02-20 22:01 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-15 18:22 [PATCH 0/2] efivars: reading variables can generate SMIs Joe Konno
2018-02-15 18:22 ` [PATCH 1/2] fs/efivarfs: restrict inode permissions Joe Konno
2018-02-20 19:18 ` Andy Lutomirski
2018-02-20 21:18 ` Luck, Tony
2018-02-20 21:22 ` Matthew Garrett
2018-02-20 21:32 ` Luck, Tony
2018-02-20 21:35 ` Matthew Garrett
2018-02-20 22:01 ` Linus Torvalds [this message]
2018-02-20 23:30 ` Luck, Tony
2018-02-20 23:39 ` Matthew Garrett
2018-02-20 23:50 ` Luck, Tony
2018-02-21 0:49 ` Linus Torvalds
2018-02-21 1:05 ` Luck, Tony
2018-02-21 2:16 ` Linus Torvalds
2018-02-21 9:03 ` Ard Biesheuvel
2018-02-21 18:02 ` Linus Torvalds
2018-02-21 18:21 ` Andi Kleen
2018-02-21 19:47 ` Luck, Tony
2018-02-21 19:50 ` Linus Torvalds
2018-02-21 19:58 ` Luck, Tony
2018-02-21 20:40 ` Linus Torvalds
2018-02-22 1:45 ` [PATCH] efivarfs: Limit the rate for non-root to read files Luck, Tony
2018-02-22 1:58 ` Linus Torvalds
2018-02-22 5:34 ` Luck, Tony
2018-02-22 17:10 ` Eric W. Biederman
[not found] ` <CA+55aFy0hRexJkLbN7t31LjfGr4Ae0W5g6sBMqHHJi8aYuGKeA@mail.gmail.com>
[not found] ` <612E894E-62C8-4155-AED8-D53702EDC8DC@intel.com>
[not found] ` <CA+55aFxeBaTbwvbWqx1MKYjKKzLUs=1O43Bx2=JaO8qrnY-8HA@mail.gmail.com>
2018-02-22 17:15 ` [PATCH v2] " Luck, Tony
2018-02-22 17:39 ` Linus Torvalds
2018-02-22 17:54 ` Luck, Tony
2018-02-22 18:07 ` Linus Torvalds
2018-02-22 18:08 ` Ard Biesheuvel
2018-02-23 20:34 ` Andy Lutomirski
2018-02-23 19:47 ` [PATCH] " Peter Jones
2018-02-21 19:52 ` [PATCH 1/2] fs/efivarfs: restrict inode permissions Linus Torvalds
2018-02-24 20:06 ` Alan Cox
2018-02-25 10:56 ` Ard Biesheuvel
2018-02-21 0:49 ` Peter Jones
2018-02-20 23:19 ` Andy Lutomirski
[not found] ` <20180215182208.35003-1-joe.konno-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
2018-02-15 18:22 ` [PATCH 2/2] efi: restrict top-level attribute permissions Joe Konno
2018-02-15 18:22 ` Joe Konno
2018-02-16 10:41 ` [PATCH 0/2] efivars: reading variables can generate SMIs Ard Biesheuvel
2018-02-16 10:55 ` Borislav Petkov
2018-02-16 10:58 ` Ard Biesheuvel
2018-02-16 11:08 ` Borislav Petkov
[not found] ` <20180216110821.GB29042-fF5Pk5pvG8Y@public.gmane.org>
2018-02-16 11:18 ` Ard Biesheuvel
2018-02-16 11:18 ` Ard Biesheuvel
[not found] ` <CAKv+Gu_SD6yWJMGbTwGUWXtrgZKPkpANNaGe1PUruTG9j0yhcg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 18:48 ` Joe Konno
2018-02-16 18:48 ` Joe Konno
2018-02-16 18:58 ` Borislav Petkov
2018-02-16 19:22 ` Peter Jones
2018-02-16 19:31 ` Ard Biesheuvel
[not found] ` <CAKv+Gu9=wny1J+-tZCdoGYUSZjfWgbiB9b_MdgpssdcTVXtKkA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 19:51 ` Matthew Garrett
2018-02-16 19:51 ` Matthew Garrett
2018-02-16 19:32 ` Luck, Tony
2018-02-16 19:54 ` Peter Jones
[not found] ` <CAKv+Gu80pJ5tbGoJqBm8CCKrEZXdkE83c944383KbQ5jREUC0Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 20:51 ` James Bottomley
2018-02-16 20:51 ` James Bottomley
[not found] ` <1518814319.4419.10.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>
2018-02-16 21:09 ` Luck, Tony
2018-02-16 21:09 ` Luck, Tony
2018-02-16 21:45 ` Andy Lutomirski
2018-02-16 21:58 ` Matthew Garrett
[not found] ` <CACdnJutPvMPUTWWjS3oRadQAqn+HpRpY+fhO0pXBj6OsQkAAag-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 22:02 ` Luck, Tony
2018-02-16 22:02 ` Luck, Tony
[not found] ` <3908561D78D1C84285E8C5FCA982C28F7B3795A3-8oqHQFITsIHTXloPLtfHfbfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2018-02-16 22:03 ` Matthew Garrett
2018-02-16 22:03 ` Matthew Garrett
[not found] ` <CACdnJuvR4NTdCwp=jT3AoW898EXuq6zakfo5hm6dd9mP-SWoGQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-17 18:12 ` Andy Lutomirski
2018-02-17 18:12 ` Andy Lutomirski
2018-02-16 22:05 ` Peter Jones
[not found] ` <20180216220536.liew4p4kqmaxwmfh-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2018-02-17 9:36 ` Ard Biesheuvel
2018-02-17 9:36 ` Ard Biesheuvel
[not found] ` <CAKv+Gu982mt==TaBRpwLLOLrX03zVJ+RznqCgDrxGNctJUVQVA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-17 16:17 ` Andi Kleen
2018-02-17 16:17 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+55aFzjyB=E+=q-W9oYZ7Py7nJwm8YQHFjfbWTib6wvkP9B_A@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=ak@linux.intel.com \
--cc=ard.biesheuvel@linaro.org \
--cc=james.bottomley@hansenpartnership.com \
--cc=jk@ozlabs.org \
--cc=joe.konno@linux.intel.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=matthew.garrett@nebula.com \
--cc=mjg59@google.com \
--cc=pjones@redhat.com \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.