Subject: Re: [PATCH] x86: Lock down MSR writing in secure boot
Date: Wednesday 13th February 2013 17:26:39 UTC (over 4 years ago)
On Wed, 2013-02-13 at 09:20 -0800, H. Peter Anvin wrote:
> Problem:
>
> Someone adds SYS_CAP_RAWIO to some places it definitely does not
> belong.
>
> Solution:
>
> Break all the *appropriate* (as defined) uses of SYS_CAP_RAWIO?

Problem:

CAP_SYS_RAWIO has been used in a bunch of arguably inappropriate places.
Removing CAP_SYS_RAWIO from the set of possible capabilities on a system
will prevent userspace from doing things that userspace should be
permitted to do. Removing CAP_SYS_RAWIO from the places that it currently
exists will allow userspace to do too much. Replacing CAP_SYS_RAWIO with
CAP_SYS_ADMIN will prevent userspace from doing things that it can
currently do.

Solution:

Admit that CAP_SYS_RAWIO is fucked up beyond rescue. Add a new capability
with well-defined semantics.
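For a reader following the capability argument above, an added example that is not part of this thread or of the patch under discussion: a small C program that parses the capability sets reported in /proc/self/status and says whether CAP_SYS_RAWIO and CAP_SYS_ADMIN are in the effective set. It is the check to run when auditing which programs on a box actually hold the capability the reply calls overused. The bit numbers 17 and 21 are the values of CAP_SYS_RAWIO and CAP_SYS_ADMIN from <linux/capability.h>, spelled out so the code also builds where that header is absent; the "CapEff:"/"CapPrm:"/"CapBnd:" labels are the field names the kernel writes to /proc/<pid>/status. The sample status text in the comments is constructed, not captured from a real system.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers, copied from <linux/capability.h> so that this
 * file compiles without it. Assumption: the numbering of a v2/v3 kernel. */
#define CAP_SYS_RAWIO 17
#define CAP_SYS_ADMIN 21

/* Find the hex mask that follows `label` (e.g. "CapEff:") in the text of a
 * /proc/<pid>/status file. Returns 0 and sets *mask on success, -1 if the
 * label is missing or not followed by a hex number. Fields look like
 * "CapEff:\t0000000000020000" (constructed example: only bit 17 set). */
int parse_cap_line(const char *status, const char *label, uint64_t *mask)
{
    const char *p = strstr(status, label);
    if (!p)
        return -1;
    p += strlen(label);
    while (*p == ' ' || *p == '\t')
        p++;
    char *end;
    unsigned long long v = strtoull(p, &end, 16);
    if (end == p)
        return -1;
    *mask = (uint64_t)v;
    return 0;
}

/* Test one capability bit in a 64-bit capability mask. Out-of-range bit
 * numbers are treated as "not present" rather than as undefined shifts. */
int cap_set_has(uint64_t mask, int cap)
{
    if (cap < 0 || cap > 63)
        return 0;
    return (int)((mask >> cap) & 1u);
}

/* Convenience wrapper: does the set named `label` in `status` contain `cap`?
 * Returns 1 for yes, 0 for no, -1 if the field could not be parsed. */
int status_set_has(const char *status, const char *label, int cap)
{
    uint64_t mask;
    if (parse_cap_line(status, label, &mask) < 0)
        return -1;
    return cap_set_has(mask, cap);
}

/* Read the calling process's own status file into *eff (effective set).
 * Returns -1 when /proc is unavailable, e.g. on a non-Linux host. */
int read_self_caps(uint64_t *eff)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    char buf[8192];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_cap_line(buf, "CapEff:", eff);
}

int main(void)
{
    uint64_t eff;
    if (read_self_caps(&eff) < 0) {
        fprintf(stderr, "cannot read /proc/self/status\n");
        return 1;
    }
    printf("CapEff = %016llx\n", (unsigned long long)eff);
    printf("CAP_SYS_RAWIO in effective set: %s\n",
           cap_set_has(eff, CAP_SYS_RAWIO) ? "yes" : "no");
    printf("CAP_SYS_ADMIN in effective set: %s\n",
           cap_set_has(eff, CAP_SYS_ADMIN) ? "yes" : "no");
    return 0;
}
```

Run it as an unprivileged user and as root (or under a service with an ambient capability set) to see the difference the reply is arguing about: an unprivileged process reports neither bit, so the MSR driver's CAP_SYS_RAWIO check refuses it, while anything started with the capability holds all of the other, unrelated powers that the same bit has been attached to elsewhere in the kernel.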