Open Source and information security mailing list archives
 
Date:	Wed, 8 Jun 2016 06:24:10 -0700
From:	Guenter Roeck <linux@...ck-us.net>
To:	Pali Rohár <pali.rohar@...il.com>,
	Jean Delvare <jdelvare@...e.com>, Mario_Limonciello@...l.com,
	Gabriele Mazzotta <gabriele.mzt@...il.com>,
	Michał Kępień <kernel@...pniu.pl>
Cc:	linux-hwmon@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: dell-smm-hwmon: security problems

On 06/08/2016 02:57 AM, Pali Rohár wrote:
> Hello!
>
> Mario wrote to me about two, I think, security problems in the
> dell-smm-hwmon driver and I would like to ask you how to fix them.
>
> 1) File /proc/i8k (exists only when kernel is compiled with CONFIG_I8K)
> exports DMI_PRODUCT_SERIAL and it can be read by ordinary user, without
> root permission. Normally DMI_PRODUCT_SERIAL can be read from sysfs file
> /sys/class/dmi/id/product_serial but only by root user.
>
> 2) Via /proc/i8k an ordinary user can set fan speed. This is because of
> how the "restricted" parameter and variable work. Setting fan speed by normal
> non-root user can be dangerous, e.g. malicious application under user
> "nobody" could take control of fans.
>
> Do you have an idea how to fix these problems? Just to note that /proc/i8k
> has stable kernel ABI and changing it will break all existing i8k*
> applications. But /proc/i8k is there only for old legacy laptops (year
> 2000).
>
> There is module parameter "restricted" with default value false and
> description: "Allow fan control if SYS_ADMIN capability set". Current
> code does:
>
> 	case I8K_SET_FAN:
> 		if (restricted && !capable(CAP_SYS_ADMIN))
> 			return -EPERM;
>
> For me the description is a bit ambiguous. What about setting "restricted"
> by default to true and updating description to something like this?
>
> "Disallow fan control when SYS_ADMIN capability is not set (default: 1)"
>

Sure. I am sure that someone will complain (we learned just recently
that people still use the old commands, after all), but then the old
behavior can be restored by setting the flag to 0.

I would not use a double negative to describe it. Why not just
something like "Allow fan control only if SYS_ADMIN capability set
(default 1)" ?

Guenter
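
The reply above notes that the old behavior can be restored by setting the flag to 0. An audit for hosts where that has been done, as an added example that is not part of the original message or the driver's code: it assumes modprobe.d-style `options` lines, that a later assignment overrides an earlier one, and that older kernels load the driver under the module name `i8k`. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how the dell-smm-hwmon "restricted" flag is configured.

# Read modprobe.d-style text on stdin and print the last value assigned to
# "restricted" for the driver, or "unset" when no options line sets it.
# Assumption: a later assignment overrides an earlier one.
restricted_value() {
    awk '
        $1 == "options" {                 # comment lines never match this
            mod = $2
            gsub(/-/, "_", mod)           # modprobe treats "-" and "_" alike
            if (mod != "dell_smm_hwmon" && mod != "i8k") next
            for (i = 3; i <= NF; i++)
                if ($i ~ /^restricted=/) {
                    val = $i
                    sub(/^restricted=/, "", val)
                }
        }
        END { print (val == "" ? "unset" : val) }
    '
}

# Map a flag value to what it means for the I8K_SET_FAN check quoted above.
classify() {
    case "$1" in
        0|n|N) echo "open: fan control allowed without CAP_SYS_ADMIN" ;;
        1|y|Y) echo "restricted: fan control requires CAP_SYS_ADMIN" ;;
        unset) echo "default: the driver's built-in default applies" ;;
        *)     echo "unknown: unrecognized value" ;;
    esac
}

# Constructed sample configuration (not taken from any real host).
sample_config() {
    cat <<'EOF'
# local overrides
options dell-smm-hwmon ignore_dmi=1 restricted=0
options snd_hda_intel power_save=1
options dell_smm_hwmon restricted=1
EOF
}

classify "$(sample_config | restricted_value)"
```

On a real host, feed it the concatenated files under /etc/modprobe.d instead of the sample. When the result is "default", check which default the running kernel ships, since the thread proposes changing it from false to true.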
