On Thu, 8 Nov 2012 14:39:19 +0000 Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > On Thu, Nov 08, 2012 at 10:40:33AM +0100, Thomas Renninger wrote: > > On Wednesday, November 07, 2012 09:54:03 PM Matthew Garrett wrote: > > > Is there a case where modifying MSRs or EC registers can cause arbitrary > > > code execution? > > > > Ok, I am not familiar enough with this secure stuff. > > Theoretically writing EC registers could be used to trick ACPI > > code and change the way it is processed by inspecting ACPI > > code for bad EC register return values. > > I'd prefer to see an actual example before worrying too much about this. > > > Similar for MSR, the kernel could be (not directly) influenced > > by setting MSR registers in a way it does not expect them to be. > > Again, I'd like to see an example of arbitrary code execution. I can think of a few. However that also shows up the lack of CAP_SYS_RAWIO checking on this interface so I think we need to get that fixed before posting the obvious ones as its otherwise a way to get from DAC to RAWIO. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html