On Tue, Feb 20, 2018 at 7:18 PM, Andy Lutomirski <[email protected]> wrote:
> On 02/15/2018 10:22 AM, Joe Konno wrote:
>>
>> From: Joe Konno <[email protected]>
>>
>> Efivarfs nodes are created with group and world readable permissions.
>> Reading certain EFI variables trigger SMIs. So, this is a potential DoS
>> surface.
>>
>> Make permissions more restrictive-- only the owner may read or write to
>> created inodes.
>>
>> Suggested-by: Andi Kleen <[email protected]>
>> Reported-by: Tony Luck <[email protected]>
>> Cc: Ard Biesheuvel <[email protected]>
>> Cc: Matthew Garrett <[email protected]>
>> Cc: Jeremy Kerr <[email protected]>
>> Cc: [email protected]
>> Cc: [email protected]
>> Signed-off-by: Joe Konno <[email protected]>
>
>
> The discussion in this thread has gone on too long, so:
>
> Acked-by: Andy Lutomirski <[email protected]>
>
> And yes, this patch will break a couple of minor usecases, but IMO those
> usecases deserve to break.
Alternatively, a patch like this (untested but straightforward) might
be a little more effective and easier to undo in userspace for anyone
who may be adversely affected:
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 5b68e4294faa..88c7163c0ac1 100644
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -207,7 +207,7 @@ static int efivarfs_fill_super(struct super_block
*sb, void *data, int silent)
sb->s_d_op = &efivarfs_d_ops;
sb->s_time_gran = 1;
- inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0, true);
+ inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0700, 0, true);
if (!inode)
return -ENOMEM;
inode->i_op = &efivarfs_dir_inode_operations;
If you prefer that, I'd be happy to re-send it for real.
--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
