On Wed, 2013-02-13 at 10:44 -0800, H. Peter Anvin wrote:
> So people have piggybacked complete inappropriate junk onto
> CAP_SYS_RAWIO. Great. What the hell do we do now? We can't break
> apart CAP_SYS_RAWIO because we don't have hierarchical capabilities.

Yeah. Like I said, it's approximately useless.

> We thus have a bunch of unpalatable choices, **all of which are wrong**.
>
> This, incidentally, is *exactly* the reason I object to
> CAP_COMPROMISE_KERNEL as well... it describes a usage model, not a resource.

Like I said, I'm not wed to a capability-based model. However, it does seem marginally more attractive than sprinkling if (!secure_boot) all over the place. If anyone has alternatives, this would be a great time to raise them.

--
Matthew Garrett | [email protected]
