Re: [PATCH 0/2] efivars: reading variables can generate SMIs

From: Matthew Garrett
Date: Fri Feb 16 2018 - 17:03:56 EST


On Fri, Feb 16, 2018 at 2:02 PM Luck, Tony <tony.luck@xxxxxxxxx> wrote:

> > If the default is 600 then it makes sense to allow a privileged service to
> > selectively make certain variables world readable at runtime.

> As soon as you make one variable world readable you are vulnerable to
> a local user launching a DoS attack by reading that variable over and over
> generating a flood of SMIs.

I'm not terribly worried about untrusted users on my laptop, but I would
prefer to run as little code as root as possible.