On Fri, Feb 16, 2018 at 2:02 PM Luck, Tony <tony.l...@intel.com> wrote:
> > If the default is 600 then it makes sense to allow a privileged service to > > selectively make certain variables world readable at runtime. > As soon as you make one variable world readable you are vulnerable to > a local user launching a DoS attack by reading that variable over and over > generating a flood of SMIs. I'm not terribly worried about untrusted users on my laptop, but I would prefer to run as little code as root as possible.