| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Nov 2022 18:25:28 +0000
From: "Luck, Tony" <tony.luck@...el.com>
To: "Hansen, Dave" <dave.hansen@...el.com>,
Borislav Petkov <bp@...en8.de>,
"Raj, Ashok" <ashok.raj@...el.com>
CC: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"Macieira, Thiago" <thiago.macieira@...el.com>,
"Joseph, Jithu" <jithu.joseph@...el.com>,
"hdegoede@...hat.com" <hdegoede@...hat.com>,
"markgross@...nel.org" <markgross@...nel.org>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"mingo@...hat.com" <mingo@...hat.com>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"x86@...nel.org" <x86@...nel.org>, "hpa@...or.com" <hpa@...or.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"platform-driver-x86@...r.kernel.org"
<platform-driver-x86@...r.kernel.org>,
"patches@...ts.linux.dev" <patches@...ts.linux.dev>,
"Shankar, Ravi V" <ravi.v.shankar@...el.com>,
"Jimenez Gonzalez, Athenas" <athenas.jimenez.gonzalez@...el.com>,
"Mehta, Sohil" <sohil.mehta@...el.com>
Subject: RE: [PATCH v2 12/14] platform/x86/intel/ifs: Add current_batch sysfs
entry
> So, what's the point of the sscanf() to check the *filename* other than
> saving some potentially expensive request_firmware() calls?
Not much point. There are two subsequent checks. First the driver checks
the F-M-S in the header of the file ... so your dastardly user will be thwarted
by this check.
If an even more dastardly user edited the file to have the right F-M-S (and
recomputed the file checksum) then the driver would be fooled, but microcode
would see that the signed binary portion is not for this CPU and reject it.
-Tony
Powered by blists - more mailing lists