[PATCH 0/4] Harden dmidecode
From: Jean Delvare
Subject: [PATCH 0/4] Harden dmidecode
Date: Tue, 7 Feb 2023 15:27:52 +0100

The following project was brought to my attention:

https://github.com/adamreiser/dmiwrite

The project demonstrates how a very permissive sudo configuration can
let an attacker abuse dmidecode for privilege escalation. While it
doesn't exploit any bug in dmidecode, I still consider this a serious
issue as apparently such permissive sudo configurations can be found in
the wild.

Therefore, I decided to add some security hardening to dmidecode to
prevent system administrators from shooting themselves in the foot.
Hopefully the restrictions I'm adding should not affect regular users
of dmidecode who are using this tool for its intended purpose.

--
Jean Delvare
SUSE L3 Support
- [PATCH 0/4] Harden dmidecode, Jean Delvare <=
- [PATCH 1/4] dmidecode: Ensure /dev/mem is a character device file, Jean Delvare, 2023/02/07
- [PATCH 2/4] dmidecode: Split table fetching from decoding, Jean Delvare, 2023/02/07
- [PATCH 3/4] dmidecode: Write the whole dump file at once, Jean Delvare, 2023/02/07
- [PATCH 4/4] dmidecode: Do not let --dump-bin overwrite an existing file, Jean Delvare, 2023/02/07
- Re: [PATCH 0/4] Harden dmidecode, Jerry Hoemann, 2023/02/08