Re: Do not allow MSR or Embedded Controller writes from userspace in secure boot case

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 8 Nov 2012 14:39:19 +0000
Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote:

> On Thu, Nov 08, 2012 at 10:40:33AM +0100, Thomas Renninger wrote:
> > On Wednesday, November 07, 2012 09:54:03 PM Matthew Garrett wrote:
> > > Is there a case where modifying MSRs or EC registers can cause arbitrary
> > > code execution?
> > 
> > Ok, I am not familiar enough with this secure stuff.
> > Theoretically writing EC registers could be used to trick ACPI
> > code and change the way it is processed by inspecting ACPI
> > code for bad EC register return values.
> 
> I'd prefer to see an actual example before worrying too much about this.
> 
> > Similar for MSR, the kernel could be (not directly) influenced
> > by setting MSR registers in a way it does not expect them to be.
> 
> Again, I'd like to see an example of arbitrary code execution.

I can think of a few. However that also shows up the lack of
CAP_SYS_RAWIO checking on this interface so I think we need to get that
fixed before posting the obvious ones as its otherwise a way to get from
DAC to RAWIO.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux