thinkpad-acpi: lock down video output state access

Given the right combination of ThinkPad and X.org, just reading the
video output control state is enough to hard-crash X.org.

Until the day I somehow find out a model or BIOS cut date to not
provide this feature to ThinkPads that can do video switching through
X RandR, change permissions so that only processes with CAP_SYS_ADMIN
can access any sort of video output control state.

This bug could be considered a local DoS I suppose, as it allows any
non-privledged local user to cause some versions of X.org to
hard-crash some ThinkPads.

Reported-by: Jidanni <jidanni@jidanni.org>
Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: stable@kernel.org

1 files changed, 8 insertions, 2 deletions

diff --git a/drivers/platform/x86/Kconfig b/drivers/platform/x86/Kconfig
index f526e735c5ab..11fce79b61d1 100644
--- a/drivers/platform/x86/Kconfig
+++ b/drivers/platform/x86/Kconfig
@@ -319,9 +319,15 @@ config THINKPAD_ACPI_VIDEO
           server running, phase of the moon, and the current mood of
           Schroedinger's cat.  If you can use X.org's RandR to control
           your ThinkPad's video output ports instead of this feature,
-          don't think twice: do it and say N here to save some memory.
+          don't think twice: do it and say N here to save memory and avoid
+          bad interactions with X.org.
 
-          If you are not sure, say Y here.
+          NOTE: access to this feature is limited to processes with the
+          CAP_SYS_ADMIN capability, to avoid local DoS issues in platforms
+          where it interacts badly with X.org.
+
+          If you are not sure, say Y here but do try to check if you could
+          be using X.org RandR instead.
 
 config THINKPAD_ACPI_HOTKEY_POLL
         bool "Support NVRAM polling for hot keys"