Re: [PATCH v7 10/15] platform/x86: dell-smbios: add filtering capability for requests

From: Alan Cox
Date: Fri Oct 13 2017 - 10:19:22 EST

Next message: Steven Rostedt: "[PATCH 0/2] tracing, thermal: Hide trace events when not in use"
Previous message: Timur Tabi: "Re: [PATCH 2/3] arm64: cpuinfo: add human readable CPU names to /proc/cpuinfo"
In reply to: Mario.Limonciello: "RE: [PATCH v7 10/15] platform/x86: dell-smbios: add filtering capability for requests"
Next in thread: Darren Hart: "Re: [PATCH v7 10/15] platform/x86: dell-smbios: add filtering capability for requests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Within Linux the security model is that items accessible through this interface
> are only accessible by root.

"root" has not been a security concept in the Linux kernel since about
2.0. If you are relying on file permissions then at best you are using
CAP_SYS_DAC which is too weak for this.

If you are allowing near unchecked communication with a third party
entity that the user doesn't trust too much you should be requiring
CAP_SYS_RAWIO.

In fact it's a fair argument hat if you require CAP_SYS_RAWIO and have a
module option you have to set to allow it that with the module loaded
with say

insmod dell_smbios factory=1

does even blacklisted stuff then you are ok, because a process with
CAP_SYS_RAWIO has enough power to totally own the machine anyway
including taking over and doing the WMI call itself by hand in user space
or loading its own module.

Alan

Next message: Steven Rostedt: "[PATCH 0/2] tracing, thermal: Hide trace events when not in use"
Previous message: Timur Tabi: "Re: [PATCH 2/3] arm64: cpuinfo: add human readable CPU names to /proc/cpuinfo"
In reply to: Mario.Limonciello: "RE: [PATCH v7 10/15] platform/x86: dell-smbios: add filtering capability for requests"
Next in thread: Darren Hart: "Re: [PATCH v7 10/15] platform/x86: dell-smbios: add filtering capability for requests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]