oss-sec mailing list archives
Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon
From: Jonas Witschel <diabonas () archlinux org>
Date: Thu, 6 Aug 2020 13:06:23 +0200
On 2020-08-05 14:51, Jerry Snitselaar wrote:
Mitigation and Bugfixes ======================= It seems best to me to run the tcsd as the tss:tss user and group right away and to not rely on the privilege drop logic implemented in the daemon itself. All of a), b) and c) should no longer be problematic in this case. I found that on Debian and Gentoo Linux this is already the case. To make this work a udev rule needs to be packaged that passes ownership of /dev/tpm0 device to the tss user. To prevent regressions when switching from the privilege drop approach to this new approach, a possibly already existing /var/lib/tpm/system.auth file needs to be safely chown()'ed to the tss user during package updates.On Fedora and RHEL there currently is a udev rule (from upstream) that ships with the tpm2-tss package that is setting ownership of /dev/tpm0 to tss:root. I don't recall what the reasoning was for the group being root. For /dev/tpmrm0 it sets it to tss:tss, so not sure what the reason was for /dev/tpm0. I believe that package is part of a default install, so that will need to be worked out. I don't know if you run into that with SUSE as well.
The idea behind not giving the tss group access to /dev/tpm0 as well is to prevent users from gaining direct access to the TPM and being able to DoS it. Users privileged to access the TPM should be added to the tss group so that they can access the TPM trough an access broker/resource manager (like tpm2-abrmd, the in-kernel resource manager /dev/tpmrm0, or tcsd in case of TPM 1.2), but not have "bare metal" access, which is limited to the tss user and root. See [1] for reference. Cheers, Jonas [1] https://github.com/tpm2-software/tpm2-tss/pull/963#issuecomment-381142241
Attachment:
signature.asc
Description:
Current thread:
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Marco Benatto (Aug 03)
- Re: [TrouSerS-tech] [oss-security] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb (Aug 04)
- <Possible follow-ups>
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jerry Snitselaar (Aug 06)
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jonas Witschel (Aug 06)
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon James Bottomley (Aug 06)
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jonas Witschel (Aug 06)