lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMzpN2j-0s9kNzuCwa9n2ZbxcveK=72r-SP=Ofhu+4uY8Us=_A@mail.gmail.com>
Date:	Fri, 26 Jun 2015 15:23:41 -0400
From:	Brian Gerst <brgerst@...il.com>
To:	Prarit Bhargava <prarit@...hat.com>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"the arch/x86 maintainers" <x86@...nel.org>,
	Len Brown <len.brown@...el.com>,
	Dasaratharaman Chandramouli 
	<dasaratharaman.chandramouli@...el.com>
Subject: Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr

On Fri, Jun 26, 2015 at 1:52 PM, Prarit Bhargava <prarit@...hat.com> wrote:
> Customers write system monitoring software for single systems as well as
> clusters.  In load-balancing software it is useful to know how "busy" a
> core is.  Unfortunately the only way to get this data is to run as root,
> or use setcap to allow userspace access for particular programs.  Both of
> these options are clunky at best.
>
> This patch allows read access to the msr dev files which should be okay.
> No damage can be done by reading the MSR values and it allows non-root
> users to run system monitoring software.
>
> The turbostat code specifically checks for CAP_SYS_RAWIO, which it
> shouldn't have to and I've removed that code.  Additionally I've modified
> the turbostat man page to remove documentation about configuring
> CAP_SYS_RAW_IO.
>
> Note: Write access to msr is still restricted with this patch.

Allowing unrestricted read access to all MSRs is wrong.  Some MSRs
contain addresses of kernel data structures, which can be used in
security exploits.

The proper way to do this is to write a driver to only expose the MSRs
that the user tools need, and nothing else.

--
Brian Gerst
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ