On Fri, Feb 8, 2013 at 11:17 AM, Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote: > On Fri, 2013-02-08 at 11:12 -0800, Kees Cook wrote: >> Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is >> set since it could lead to execution of arbitrary code in kernel mode. > > Willing to buy this, but do you have a description of one potential > approach? We should probably also figure out what's writing to MSRs at > the moment (anything other than energy_perf_bias?) and decide what the > best thing to do there is. Yes, change the SYSENTER entry point to where-ever you like. There are examples already written: http://grsecurity.net/~spender/msr32.c IMO, _writing_ an MSR from userspace should be considered a bug. If writing is needed, a kernel driver should be mediating the change. wrmsr (and rdmsr) are ring-0 only for good reason. :) -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
