On Tue, Feb 20, 2018 at 09:22:29PM +0000, Matthew Garrett wrote:
> On Tue, Feb 20, 2018 at 1:18 PM Luck, Tony <tony.luck@xxxxxxxxx> wrote:
>
> > Does this rate an exception to the "don't break userspace" for a security
> > issue?
>
> To be clear, when you say "security" is this in reference to it being a
> denial of service, or are you worried about other interactions that may
> cause wider security issues?

The immediate problem is the denial of service attack.

I have a nagging worry that allowing a user to cause an SMI at a
precise time might also be a problem. But I don't know how that
could be leveraged in some other attack.

Making the efivar files 0600 would stop the user from causing the
SMIs. The rate limit solution could include a random delay to
make it tricky to use any attack that relies on an SMI during
some specific code sequence.

-Tony