Message-ID: <20171005205852.GB12321@fury>
Date: Thu, 5 Oct 2017 13:58:52 -0700
From: Darren Hart <dvhart@...radead.org>
To: Greg KH <greg@...ah.com>
Cc: Mario.Limonciello@...l.com, pali.rohar@...il.com,
	andy.shevchenko@...il.com, linux-kernel@...r.kernel.org,
	platform-driver-x86@...r.kernel.org, luto@...nel.org,
	quasisec@...gle.com, rjw@...ysocki.net, mjg59@...gle.com,
	hch@....de
Subject: Re: [PATCH v4 12/14] platform/x86: wmi: create character devices when requested by drivers

On Thu, Oct 05, 2017 at 09:09:48PM +0200, Greg KH wrote:
> On Thu, Oct 05, 2017 at 07:03:24PM +0000, Mario.Limonciello@...l.com wrote:
...
> > It's up to firmware to block the crazy stuff that you can put in a buffer.
>
> So userspace can pass any blob it wants to the firmware through this
> interface and the kernel does not parse anything? How is that
> "protected"?
>
> > > Again, I like my TPM to work, and I don't want a random rootkit exploit
> > > to be able to destroy it :)
> >
> > I'd like to however point out you can't kill your TPM from this interface.
>
> On _your_ platform, can you guarantee it on any other platform? :)

The dell-smbios-wmi driver won't load on any other platform. No character
device is created for any other platform.

When drivers are written for those other platforms for different WMI GUIDs,
we need to review them. This driver not having MOF data should be the
exception. We'll have more ability to inspect others. If drivers are
submitted that don't look at the MOF data even though it is present, we
should reject them.

--
Darren Hart
VMware Open Source Technology Center