RE: [PATCH 1/2] fs/efivarfs: restrict inode permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> It's not about slowing down.
>
> It's about "user Xyz is messing with the system and reading efi vars
> all the time" resulting in "user 'torvalds' is installing a kernel,
> and actually wants to read efi vars, but can't".
>
> if you don't make it per-user, you're just replacing one DoS attack
> with another one!

How are you envisioning this rate-limiting to be implemented? Are
you going to fail an EFI call if the rate is too high?  I'm thinking that
we just add a delay to each call so that we can't exceed the limit.
That means your kernel install will complete, just slower than it
would without the delays.

I think I want a small random delay anyway to prevent users from
causing an SMI at the precise moment of their choosing.

-Tony
��.n��������+%������w��{.n�����{����*jg��������ݢj����G�������j:+v���w�m������w�������h�����٥




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux