RE: [PATCH 0/2] efivars: reading variables can generate SMIs

From: Luck, Tony
Date: Fri Feb 16 2018 - 17:02:13 EST

Next message: Matthew Garrett: "Re: [PATCH 0/2] efivars: reading variables can generate SMIs"
Previous message: Eric W. Biederman: "Re: [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes"
In reply to: Matthew Garrett: "Re: [PATCH 0/2] efivars: reading variables can generate SMIs"
Next in thread: Matthew Garrett: "Re: [PATCH 0/2] efivars: reading variables can generate SMIs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> If the default is 600 then it makes sense to allow a privileged service to
> selectively make certain variables world readable at runtime.

As soon as you make one variable world readable you are vulnerable to
a local user launching a DoS attack by reading that variable over and over
generating a flood of SMIs.

-Tony

Next message: Matthew Garrett: "Re: [PATCH 0/2] efivars: reading variables can generate SMIs"
Previous message: Eric W. Biederman: "Re: [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes"
In reply to: Matthew Garrett: "Re: [PATCH 0/2] efivars: reading variables can generate SMIs"
Next in thread: Matthew Garrett: "Re: [PATCH 0/2] efivars: reading variables can generate SMIs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]