group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Steve Langasek <1861238@xxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Jul 2020 19:51:49 -0000
Reply-to: Bug 1861238 <1861238@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: linux (Ubuntu Disco)
       Status: Fix Committed => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1861238

Title:
  Root can lift kernel lockdown via USB/IP

Status in linux package in Ubuntu:
  Fix Released
Status in linux-oem package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Invalid
Status in linux source package in Bionic:
  Fix Released
Status in linux-oem source package in Bionic:
  Fix Released
Status in linux source package in Disco:
  Won't Fix
Status in linux source package in Eoan:
  Fix Released
Status in linux source package in Focal:
  Fix Released

Bug description:
  [Impact]

  It's possible to turn off kernel lockdown by emulating a USB keyboard
  via USB/IP and sending an Alt+SysRq+X key combination through it.

  Ubuntu's kernels have USB/IP enabled (CONFIG_USBIP_VHCI_HCD=m and
  CONFIG_USBIP_CORE=m) with signed usbip_core and vhci_hcd modules
  provided in the linux-extra-modules-* package.

  See the PoC here: https://github.com/xairy/unlockdown#method-1-usbip

  [Test Case]

  $ git clone https://github.com/xairy/unlockdown.git
  $ cd unlockdown/01-usbip/
  $ sudo ./run.sh
  $ dmesg

  # Ensure there are no log entries talking about lifting lockdown:
  sysrq: SysRq : Disabling Secure Boot restrictions
  Lifting lockdown

  # You should see a SysRq help log entry because the Alt+SysRq+X
  # combination should be disabled
  sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)

  [Regression Potential]

  Some users may see a usability regression due to the Lockdown lift
  sysrq combination being removed. Some users are known to disable
  lockdown, using the sysrq combination, in order to perform some
  "dangerous" operation such as writing to an MSR. It is believed that
  this is a small number of users but it is impossible to know for sure.

  Users that rely on this functionality may need to permanently disable
  secure boot using 'mokutil --disable-validation'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1861238/+subscriptions