[PATCH 0/4] Harden dmidecode

dmidecode-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/4] Harden dmidecode

From:	Jean Delvare
Subject:	[PATCH 0/4] Harden dmidecode
Date:	Tue, 7 Feb 2023 15:27:52 +0100

The following project was brought to my attention:

  https://github.com/adamreiser/dmiwrite

The project demonstrates how a very permissive sudo configuration can
let an attacker abuse dmidecode for privilege escalation. While it
doesn't exploit any bug in dmidecode, I still consider this a serious
issue as apparently such permissive sudo configurations can be found in
the wild.

Therefore, I decided to add some security hardening to dmidecode to
prevent system administrators from shooting themselves in the foot.
Hopefully the restrictions I'm adding should not affect regular users
of dmidecode who are using this tool for its intended purpose.

-- 
Jean Delvare
SUSE L3 Support

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/4] Harden dmidecode, Jean Delvare <=
- [PATCH 1/4] dmidecode: Ensure /dev/mem is a character device file, Jean Delvare, 2023/02/07
- [PATCH 2/4] dmidecode: Split table fetching from decoding, Jean Delvare, 2023/02/07
- [PATCH 3/4] dmidecode: Write the whole dump file at once, Jean Delvare, 2023/02/07
- [PATCH 4/4] dmidecode: Do not let --dump-bin overwrite an existing file, Jean Delvare, 2023/02/07
- Re: [PATCH 0/4] Harden dmidecode, Jerry Hoemann, 2023/02/08

Prev by Date: Re: [PATCH] dmioem: Avoid intermediate buffer (HPE type 216)
Next by Date: [PATCH 1/4] dmidecode: Ensure /dev/mem is a character device file
Previous by thread: [PATCH] dmioem: Avoid intermediate buffer (HPE type 216)
Next by thread: [PATCH 1/4] dmidecode: Ensure /dev/mem is a character device file
Index(es):
- Date
- Thread