[Bug 1087546] Re: efivars filesystem gives more access than the exists vars directory
Steve Langasek
steve.langasek at canonical.com
Wed Dec 12 22:39:04 UTC 2012
Having looked at this, it doesn't appear there's any way to control the
permissions via mount options. So I think it would be better if the
kernel driver would set sensible default permissions, instead of trying
to hack around it in mountall; reassigning.
** Package changed: mountall (Ubuntu) => linux (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1087546
Title:
efivars filesystem gives more access than the exists vars directory
Status in “linux” package in Ubuntu:
New
Bug description:
There are currently two ways of accessing EFI variables on Ubuntu:
- The old way, through /sys/firmware/efi/vars
- The new way, through /sys/firmware/efi/efivars
Both provide access to the exact same variables and are available at
the same time.
One big difference however is that /sys/firmware/efi/vars/ is only
root readable with all files being owned by root:root with the file
permissions being 600.
With the introduction of efivars, anyone is now capable of reading any
of the EFI variables.
I'm not sure if there's a potential security problem with letting any user read EFI variables, but in any case, the lack of consistency is a bit disturbing, so I think it'd be best to have efivars match the permissions of the same entries as exposed by sysfs.
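A way to check the inconsistency described in the bug report on a given machine, added here as an example and not part of the original message or of any Ubuntu tooling: it walks both interfaces and lists entries that are looser than the root:root, mode 600 baseline the report gives for /sys/firmware/efi/vars. The function names audit_tree and report are hypothetical.

```python
import os
import stat

# Paths named in the bug report.
LEGACY_SYSFS = "/sys/firmware/efi/vars"
EFIVARFS = "/sys/firmware/efi/efivars"
# Baseline the report gives for the sysfs interface: root:root, mode 600.
BASELINE_MODE = 0o600


def audit_tree(root, baseline=BASELINE_MODE, owner=(0, 0)):
    """Return (path, mode, uid, gid) for regular files under root that are
    looser than the baseline mode or not owned by owner (uid, gid);
    owner=None skips the ownership check. (Hypothetical helper.)"""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # variable deleted between listing and stat
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            extra = mode & ~baseline  # permission bits beyond the baseline
            wrong_owner = owner is not None and (st.st_uid, st.st_gid) != owner
            if extra or wrong_owner:
                findings.append((path, mode, st.st_uid, st.st_gid))
    return findings


def report(roots=(LEGACY_SYSFS, EFIVARFS)):
    """Audit each interface present on this machine; return {root: findings}."""
    return {r: audit_tree(r) for r in roots if os.path.isdir(r)}


if __name__ == "__main__":
    for root, findings in report().items():
        print(f"{root}: {len(findings)} entries looser than root:root 0600")
        for path, mode, uid, gid in findings:
            print(f"  {mode:04o} {uid}:{gid} {path}")
```

Write-only control files with mode 0200 fall inside the 0600 baseline and are not reported.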