On Wed, Feb 21, 2018 at 11:47 AM, Luck, Tony <tony.l...@intel.com> wrote:
>
> The EFI calls are all about checking system configuration. A thing
> that only a handful of users do on a very occasional basis. I don't
> see much harm if my "efibootmgr -v" call is slowed down a bit (or even
> a lot) because you are using a bunch of the available ratelimit reading
> the efivars.
>
It's not about slowing down.

It's about "user Xyz is messing with the system and reading efi vars all the time" resulting in "user 'torvalds' is installing a kernel, and actually wants to read efi vars, but can't".

If you don't make it per-user, you're just replacing one DoS attack with another one!

Linus
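
The difference between a global and a per-user limit, shown as an added example that is not part of the original message and is not kernel code. It is a constructed fixed-window limiter; the uids, `BURST` and all function names are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed model, not kernel code: each bucket allows BURST reads per window. */
#define BURST 5
#define MAX_USERS 8

struct bucket { int left; };

/* Take one token; returns 1 if the read is allowed, 0 if it is throttled. */
static int take(struct bucket *b)
{
    if (b->left <= 0)
        return 0;
    b->left--;
    return 1;
}

/*
 * Simulate one window: uid `noisy` issues `noisy_reads` reads first, then
 * uid `victim` issues a single read. per_user != 0 selects one bucket per
 * uid instead of a single bucket shared by everyone.
 * Returns 1 if the victim's read succeeds, 0 if it is throttled.
 */
int victim_read_allowed(int per_user, int noisy, int victim, int noisy_reads)
{
    struct bucket shared = { BURST };
    struct bucket by_uid[MAX_USERS];
    int i;

    for (i = 0; i < MAX_USERS; i++)
        by_uid[i].left = BURST;

    for (i = 0; i < noisy_reads; i++)
        take(per_user ? &by_uid[noisy] : &shared);

    return take(per_user ? &by_uid[victim] : &shared);
}

int main(void)
{
    /* Shared bucket: the noisy uid drains it and the other user is locked out. */
    printf("global limit:   victim allowed = %d\n",
           victim_read_allowed(0, 1, 2, 100));
    /* Per-uid buckets: the noisy uid only throttles itself. */
    printf("per-user limit: victim allowed = %d\n",
           victim_read_allowed(1, 1, 2, 100));
    return 0;
}
```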