linux/arch/x86
Alan Cox c903f0456b x86/msr: Add capabilities check
At the moment the MSR driver only relies upon file system
checks. This means that anything as root with any capability set
can write to MSRs. Historically that wasn't very interesting but
on modern processors the MSRs are such that writing to them
provides several ways to execute arbitary code in kernel space.
Sample code and documentation on doing this is circulating and
MSR attacks are used on Windows 64bit rootkits already.

In the Linux case you still need to be able to open the device
file so the impact is fairly limited and reduces the security of
some capability and security model based systems down towards
that of a generic "root owns the box" setup.

Therefore they should require CAP_SYS_RAWIO to prevent an
elevation of capabilities. The impact of this is fairly minimal
on most setups because they don't have heavy use of
capabilities. Those using SELinux, SMACK or AppArmor rules might
want to consider if their rulesets on the MSR driver could be
tighter.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Horses <stable@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-01-24 17:37:51 +01:00
..
boot x86, efi: correct precedence of operators in setup_efi_pci 2012-12-20 11:47:14 -08:00
configs x86/Kconfig: Turn off DEBUG_NX_TEST module in defconfigs 2012-09-05 10:43:12 +02:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2012-12-15 12:35:19 -08:00
ia32 new helpers: __save_altstack/__compat_save_altstack, switch x86 and um to those 2012-12-19 18:07:41 -05:00
include arch/x86/platform/uv: Fix incorrect tlb flush all issue 2013-01-24 15:58:54 +01:00
kernel x86/msr: Add capabilities check 2013-01-24 17:37:51 +01:00
kvm KVM: x86: use dynamic percpu allocations for shared msrs area 2013-01-08 12:51:56 -02:00
lguest x86, MCA: Finish mca_config conversion 2012-10-26 14:37:58 +02:00
lib X86: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
math-emu x86: Rename trap_no to trap_nr in thread_struct 2012-03-13 06:24:09 +01:00
mm Automatic NUMA Balancing V11 2012-12-16 15:18:08 -08:00
net x86: bpf_jit_comp: add vlan tag support 2012-10-31 14:00:15 -04:00
oprofile oprofile, x86: Fix wrapping bug in op_x86_get_ctrl() 2012-10-15 14:38:24 +02:00
pci X86: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
platform arch/x86/platform/uv: Fix incorrect tlb flush all issue 2013-01-24 15:58:54 +01:00
power x86, topology: Debug CPU0 hotplug 2012-11-14 15:28:11 -08:00
realmode Revert "x86, mm: Include the entire kernel memory map in trampoline_pgd" 2012-12-15 12:29:54 -08:00
syscalls Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-12-20 18:05:28 -08:00
tools x86: Fix the error of using "const" in gen-insn-attr-x86.awk 2012-12-10 10:31:24 -08:00
um Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-12-20 18:05:28 -08:00
vdso Merge tag 'kvm-3.8-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2012-12-13 15:31:08 -08:00
video x86: Use vga_default_device() when determining whether an fb is primary 2012-04-24 09:50:17 +01:00
xen Bugfixes: 2012-12-18 12:26:54 -08:00
.gitignore
Kbuild x86, realmode: realmode.bin infrastructure 2012-05-08 11:41:48 -07:00
Kconfig x86/olpc: Fix olpc-xo1-sci.c build errors 2013-01-24 16:00:23 +01:00
Kconfig.cpu x86, 386 removal: Document Nx586 as a 386 and thus unsupported 2012-11-29 13:28:39 -08:00
Kconfig.debug x86/tlb: add tlb_flushall_shift knob into debugfs 2012-06-27 19:29:10 -07:00
Makefile md update for 3.8 2012-12-18 09:32:44 -08:00
Makefile_32.cpu x86, 386 removal: Remove CONFIG_M386 from Kconfig 2012-11-29 13:23:01 -08:00
Makefile.um um: fix linker script generation 2012-04-09 13:59:00 -04:00