From: Thomas Renninger <trenn@suse.de>
To: Len Brown <lenb@kernel.org>
Cc: hpa@zytor.com, initramfs@vger.kernel.org, robert.moore@intel.com,
	linux-kernel@vger.kernel.org, linux-acpi@vger.kernel.org,
	yinghai@kernel.org, eric.piel@tremplin-utc.net, vojcek@tlen.pl
Subject: Re: [PATCH 2/2] ACPI: Override arbitrary ACPI tables via initrd for debugging
Date: Mon, 24 Sep 2012 08:40:28 +0200
Message-ID: <201209240840.29342.trenn@suse.de>
In-Reply-To: <505E8F44.9020208@kernel.org>

On Sunday 23 September 2012 06:25:40 Len Brown wrote:
> > +config ACPI_INITRD_TABLE_OVERRIDE
> > +       bool
> > +       default y
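Review bot: the `bool` line has no prompt string and is followed by `default y`, so as quoted the option cannot be selected or deselected in the configuration menus and is switched on wherever its dependencies (not visible in this quote) are met. Add a prompt after `bool` and a help text stating that tables found in the initrd replace the firmware's and that the kernel is tainted when that happens, and consider `default n` so that shipping a boot-time ACPI table override is an explicit per-distro decision rather than the implicit one.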
> 
> Do distros in addition to SuSE concur they want to ship this way?
Whether distros ship this in their enterprise, community or just in
a -debug kernel flavor is up to them.
I cannot see why this cannot be enabled by default on all.
That is what the TAINT flag is for...
 
> The last time we tried to make debugging easier we added
> ACPI_CUSTOM_METHOD, which allowed root to over-ride an AML method
> on a running system.  Distro security-minded people were not amused.
Yep and therefore you have to remove this one from the tools for
ACPI debugging you listed.
The issue is/was, that root can inject code at runtime which is then
executed in kernel environment.
Afaik there are "security" provisions or say setups, which do
hide modprobe/insmod and do not allow root to load any kernel drivers 
or similar.
If one can write the kernel or initrd which gets booted, I guess there
are not many security restrictions anymore you could put on this user...
But thanks for the pointer, I'll go and double check with some
security guys.

> thanks,
> -Len Brown, Intel Open Source Technology Center
> 
> ps I noticed your reference to acpidump in the README.
> That reminded me to push it to the kernel source tree.
> Its new home will be tools/power/acpi
This is the one which I tried to/did adjust to acpica headers?
This sounds like a very good idea. I'll adjust the docs.

pss: Can this tool live there as well:
ftp://ftp.suse.com/pub/people/trenn/sources/ec/ec_access.c
It's the userspace tool for examining EC values (and changes) via
ec_sys debug driver and a corresponding /sys/kernel/debug/.. file.
It's more or less doing the same as what the old thinkpad_acpi driver
could, but offers this to all machines with an EC device.

    Thomas
