| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Jan 2022 19:29:55 +0000
From: "Luck, Tony" <tony.luck@...el.com>
To: Borislav Petkov <bp@...en8.de>
CC: "x86@...nel.org" <x86@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Smita Koralahalli Channabasappa
<smita.koralahallichannabasappa@....com>,
Wei Huang <wei.huang2@....com>,
Tom Lendacky <thomas.lendacky@....com>,
"patches@...ts.linux.dev" <patches@...ts.linux.dev>
Subject: RE: [PATCH v2 0/6] PPIN (Protected Processor Inventory Number)
updates
> Lemme be clear: I'm being the devil's advocate here on purpose because
> I want to make sure we don't walk into some privacy thing we haven't
> thought about at the time.
Sure. It's good to look at this from other perspectives. There may be some
software-as-a-service thing where the provider of the service doesn't want
a simple way to reveal that jobs are being migrated around a pool of systems.
> So I guess 0400, root:root would be the correct thing to do - admins can
> then change permissions later or so. Rather than making it readable by
> everyone by default and leaving it to people to tighten it after boot.
Yup. If someone has a tool that needs ppin, but they don't want to run
as root they can just add either of:
chown notrootadmin /sys/devices/system/cpu/cpu*/topology/ppin
or
chmod 444 /sys/devices/system/cpu/cpu*/topology/ppin
to some /etc/rc* file.
-Tony
Powered by blists - more mailing lists