lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Feb 2018 11:18:57 -0800
From:   Andy Lutomirski <luto@...nel.org>
To:     Joe Konno <joe.konno@...ux.intel.com>, linux-efi@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     ard.biesheuvel@...aro.org, matthew.garrett@...ula.com,
        jk@...abs.org, ak@...ux.intel.com, tony.luck@...el.com
Subject: Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions

On 02/15/2018 10:22 AM, Joe Konno wrote:
> From: Joe Konno <joe.konno@...el.com>
> 
> Efivarfs nodes are created with group and world readable permissions.
> Reading certain EFI variables trigger SMIs. So, this is a potential DoS
> surface.
> 
> Make permissions more restrictive-- only the owner may read or write to
> created inodes.
> 
> Suggested-by: Andi Kleen <ak@...ux.intel.com>
> Reported-by: Tony Luck <tony.luck@...el.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@...aro.org>
> Cc: Matthew Garrett <matthew.garrett@...ula.com>
> Cc: Jeremy Kerr <jk@...abs.org>
> Cc: linux-efi@...r.kernel.org
> Cc: stable@...r.kernel.org
> Signed-off-by: Joe Konno <joe.konno@...el.com>

The discussion in this thread has gone on too long, so:

Acked-by: Andy Lutomirski <luto@...nel.org>

And yes, this patch will break a couple of minor usecases, but IMO those 
usecases deserve to break.

> ---
>   fs/efivarfs/super.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
> index 5b68e4294faa..ca98c4e31eb7 100644
> --- a/fs/efivarfs/super.c
> +++ b/fs/efivarfs/super.c
> @@ -145,7 +145,7 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
>   
>   	name[len + EFI_VARIABLE_GUID_LEN+1] = '\0';
>   
> -	inode = efivarfs_get_inode(sb, d_inode(root), S_IFREG | 0644, 0,
> +	inode = efivarfs_get_inode(sb, d_inode(root), S_IFREG | 0600, 0,
>   				   is_removable);
>   	if (!inode)
>   		goto fail_name;
> @@ -207,7 +207,7 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
>   	sb->s_d_op		= &efivarfs_d_ops;
>   	sb->s_time_gran         = 1;
>   
> -	inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0, true);
> +	inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0700, 0, true);
>   	if (!inode)
>   		return -ENOMEM;
>   	inode->i_op = &efivarfs_dir_inode_operations;
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ