*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
There are currently two ways of accessing EFI variables on Ubuntu:
- The old way, through /sys/firmware/efi/vars
- The new way, through /sys/firmware/efi/efivars
Both provide access to the exact same variables and are available at the
same time.
One big difference however is that /sys/firmware/efi/vars/ is only root
readable with all files being owned by root:root with the file
permissions being 600.
With the introduction of efivars, anyone is now capable of reading any
of the EFI variables.
I'm not sure if there's a potential security problem with letting any user
read EFI variables, but in any case, the lack of consistency is a bit
disturbing, so I think it'd be best to have efivars match the permissions of
the same entries as exposed by sysfs.
** Affects: linux (Ubuntu)
Importance: Medium
Status: New
** Tags: kernel-da-key
--
efivars filesystem gives more access than the exists vars directory
https://bugs.launchpad.net/bugs/1087546
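A read-only check for the inconsistency described in this report, added here as an example and not part of the original bug report or of Ubuntu's code: it lists the files under each of the two interfaces that are readable by users other than the owner. The function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import stat

EFI_ROOT = "/sys/firmware/efi"
INTERFACES = ("vars", "efivars")  # the two directories named in the report


def world_readable(root=EFI_ROOT):
    """Return {interface: sorted relative paths of files readable by 'other'}."""
    findings = {}
    for name in INTERFACES:
        base = os.path.join(root, name)
        if not os.path.isdir(base):
            continue  # interface not present on this system
        hits = []
        for dirpath, _dirs, files in os.walk(base):
            for fname in files:
                path = os.path.join(dirpath, fname)
                st = os.lstat(path)  # lstat: never follow symlinks
                if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                    hits.append(os.path.relpath(path, base))
        findings[name] = sorted(hits)
    return findings


def build_sample_tree(root):
    """Constructed sample, not real firmware data: mimics the modes in the report."""
    var = "Example-00000000-0000-0000-0000-000000000000"  # constructed name
    legacy = os.path.join(root, "vars", var)
    os.makedirs(legacy)
    os.makedirs(os.path.join(root, "efivars"))
    for path, mode in ((os.path.join(legacy, "data"), 0o600),
                       (os.path.join(root, "efivars", var), 0o644)):
        with open(path, "wb") as fh:
            fh.write(b"\x00")
        os.chmod(path, mode)
    return var


if __name__ == "__main__":
    # Run against the live system; prints nothing if neither interface exists.
    for iface, paths in world_readable().items():
        print(f"{iface}: {len(paths)} world-readable file(s)")
        for p in paths:
            print("  ", p)
```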