Re: [PATCH 0/2] efivars: reading variables can generate SMIs

From: Matthew Garrett
Date: Fri Feb 16 2018 - 17:03:56 EST

Next message: H. Peter Anvin: "Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description"
Previous message: Luck, Tony: "RE: [PATCH 0/2] efivars: reading variables can generate SMIs"
In reply to: Luck, Tony: "RE: [PATCH 0/2] efivars: reading variables can generate SMIs"
Next in thread: Andy Lutomirski: "Re: [PATCH 0/2] efivars: reading variables can generate SMIs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Feb 16, 2018 at 2:02 PM Luck, Tony <tony.luck@xxxxxxxxx> wrote:

> > If the default is 600 then it makes sense to allow a privileged service
to
> > selectively make certain variables world readable at runtime.

> As soon as you make one variable world readable you are vulnerable to
> a local user launching a DoS attack by reading that variable over and over
> generating a flood of SMIs.

I'm not terribly worried about untrusted users on my laptop, but I would
prefer to run as little code as root as possible.

Next message: H. Peter Anvin: "Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description"
Previous message: Luck, Tony: "RE: [PATCH 0/2] efivars: reading variables can generate SMIs"
In reply to: Luck, Tony: "RE: [PATCH 0/2] efivars: reading variables can generate SMIs"
Next in thread: Andy Lutomirski: "Re: [PATCH 0/2] efivars: reading variables can generate SMIs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]