Re: [PATCH v2] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN

2019-10-09 Thread Ard Biesheuvel
On Wed, 9 Oct 2019 at 04:18, Matthew Garrett wrote:
>
> On Tue, Oct 8, 2019 at 9:55 PM Javier Martinez Canillas
> wrote:
> > Signed-off-by: Javier Martinez Canillas
> > Acked-by: Laszlo Ersek
>
> Acked-by: Matthew Garrett

Thanks all. Queued as a fix.

Re: [PATCH v2] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN

2019-10-08 Thread Matthew Garrett
On Tue, Oct 8, 2019 at 9:55 PM Javier Martinez Canillas wrote:
> Signed-off-by: Javier Martinez Canillas
> Acked-by: Laszlo Ersek

Acked-by: Matthew Garrett

Re: [PATCH v2] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN

2019-10-08 Thread Laszlo Ersek
On 10/08/19 12:55, Javier Martinez Canillas wrote:
> The driver exposes EFI runtime services to user-space through an IOCTL
> interface, calling the EFI services function pointers directly without
> using the efivar API.
>
> Disallow access to the /dev/efi_test character device when the kernel is

[PATCH v2] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN

2019-10-08 Thread Javier Martinez Canillas
The driver exposes EFI runtime services to user-space through an IOCTL interface, calling the EFI services function pointers directly without using the efivar API.

Disallow access to the /dev/efi_test character device when the kernel is locked down to prevent arbitrary user-space to call EFI runti