From: Alan Cox
Subject: Re: [PATCH v7 10/15] platform/x86: dell-smbios: add filtering capability for requests
Date: Fri, 13 Oct 2017 15:18:32 +0100
Message-ID: <20171013151832.3ab0891d@alans-desktop>
In-Reply-To: <1200feb837864baa8a3be9740413f2e9@ausx13mpc120.AMER.DELL.COM>
References: <83dc225624f1cde5ee1797aebc945732444ded91.1507733291.git.mario.limonciello@dell.com> <20171012110903.3ab4ed5e@alans-desktop> <1200feb837864baa8a3be9740413f2e9@ausx13mpc120.AMER.DELL.COM>
To: Mario.Limonciello@dell.com
Cc: dvhart@infradead.org, andy.shevchenko@gmail.com, linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org, luto@kernel.org, quasisec@google.com, pali.rohar@gmail.com, rjw@rjwysocki.net, mjg59@google.com, hch@lst.de, greg@kroah.com

> Within Linux the security model is that items accessible through this interface
> are only accessible by root.

"root" has not been a security concept in the Linux kernel since about 2.0. If you are relying on file permissions then at best you are using CAP_SYS_DAC which is too weak for this. If you are allowing near unchecked communication with a third party entity that the user doesn't trust too much you should be requiring CAP_SYS_RAWIO.
In fact it's a fair argument that if you require CAP_SYS_RAWIO and have a module option you have to set to allow it that with the module loaded with say insmod dell_smbios factory=1 does even blacklisted stuff then you are ok, because a process with CAP_SYS_RAWIO has enough power to totally own the machine anyway including taking over and doing the WMI call itself by hand in user space or loading its own module.

Alan
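Alan's distinction between "root" (file permissions) and CAP_SYS_RAWIO, as an added user-space example that is neither his code nor the dell-smbios driver's: it reads the caller's effective capability set from /proc/self/status (the same set the kernel's capable() consults) and applies the gate he describes, where every request needs CAP_SYS_RAWIO and a blacklisted request additionally needs the factory=1 module option. The function names, the constructed status text in the test and the treatment of the blacklist as a boolean are assumptions for illustration.

```c
/* Added example, not from the mail or the dell-smbios driver: a user-space
 * model of the gate Alan describes. The effective capability set is read
 * from /proc/self/status, so "uid 0" and "holds CAP_SYS_RAWIO" differ. */
#include <inttypes.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CAP_DAC_OVERRIDE 1   /* bypasses file permission checks only */
#define CAP_SYS_RAWIO   17   /* raw hardware access; can already own the box */

/* Test one bit of a capability mask as printed in /proc/<pid>/status. */
static int cap_in_mask(uint64_t mask, int cap)
{
    return (int)((mask >> cap) & 1u);
}

/* Pull the "CapEff:" hex mask out of /proc/<pid>/status text.
 * Returns 1 and stores the mask on success, 0 if the line is absent. */
static int parse_capeff(const char *status_text, uint64_t *mask)
{
    const char *p = strstr(status_text, "CapEff:");
    if (!p)
        return 0;
    return sscanf(p + 7, " %" SCNx64, mask) == 1;
}

/* Policy from the thread: every request needs CAP_SYS_RAWIO; a blacklisted
 * request also needs factory=1. CAP_DAC_OVERRIDE alone proves nothing here. */
static int request_allowed(uint64_t capeff, int factory, int blacklisted)
{
    if (!cap_in_mask(capeff, CAP_SYS_RAWIO))
        return 0;
    return !blacklisted || factory;
}

int main(void)
{
    char buf[4096] = "";
    uint64_t eff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    if (!parse_capeff(buf, &eff))
        return 1;   /* no CapEff line: not a Linux procfs */
    printf("euid=%u rawio=%d -> blacklisted request %s\n", (unsigned)geteuid(),
           cap_in_mask(eff, CAP_SYS_RAWIO),
           request_allowed(eff, 0, 1) ? "allowed" : "denied");
    return 0;
}
```

Run it once as an ordinary user and once as root with a reduced bounding set (for example under a container runtime that drops CAP_SYS_RAWIO): euid 0 alone does not flip the decision to "allowed".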