Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions

From: Luck, Tony
Date: Wed Feb 21 2018 - 14:47:41 EST

Next message: Linus Torvalds: "Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions"
Previous message: Tejun Heo: "[PATCH cgroup/for-4.16-fixes] cgroup: fix rule checking for threaded mode switching"
In reply to: Andi Kleen: "Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions"
Next in thread: Linus Torvalds: "Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 21, 2018 at 10:21:04AM -0800, Andi Kleen wrote:
> > But it should be fairly easy to just add a 'struct ratelimit_state' to
> > 'struct user_struct', and then you can easily just use
> >
> > '&file->f_cred->user->ratelimit'
> >
> > and you're done. Make sure the initial root user has it unlimited, and
> > limit it to something reasonable for all other user allocations.
>
> How about uid name spaces? Someone untrusted in a container could
> create a lot of uids and switch between them.
>
> A global rate limit seems better. While in theory it allows DoS
> it's probably not worse than a lot of others we have with
> other resources, and it's relatively harmless.

The EFI calls are all about checking system configuration. A thing
that only a handful of users do on a very occasional basis. I don't
see much harm if my "efibootmgr -v" call is slowed down a bit (or even
a lot) because you are using a bunch of the available ratelimit reading
the efivars.

Per-user seems over engineered to solve this problem.

-Tony

Next message: Linus Torvalds: "Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions"
Previous message: Tejun Heo: "[PATCH cgroup/for-4.16-fixes] cgroup: fix rule checking for threaded mode switching"
In reply to: Andi Kleen: "Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions"
Next in thread: Linus Torvalds: "Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]