diff --git a/config/redbear-full.toml b/config/redbear-full.toml
index ad4f0ff671..d5da843011 100644
--- a/config/redbear-full.toml
+++ b/config/redbear-full.toml
@@ -633,3 +633,15 @@ path = "/etc/environment.d/90-dbus.conf"
 data = """
 DBUS_SYSTEM_BUS_ADDRESS=unix:path=/run/dbus/system_bus_socket
 """
+
+[[files]]
+path = "/home/user"
+data = ""
+directory = true
+mode = 0o755
+
+[[files]]
+path = "/root"
+data = ""
+directory = true
+mode = 0o700
diff --git a/local/recipes/system/coretempd/source/src/main.rs b/local/recipes/system/coretempd/source/src/main.rs
index 69f2b8dbf0..c92117eaa4 100644
--- a/local/recipes/system/coretempd/source/src/main.rs
+++ b/local/recipes/system/coretempd/source/src/main.rs
@@ -63,14 +63,9 @@ fn detect_vendor(cpu: u32) -> Vendor {
 return Vendor::Amd;
 }
 }
- // Fall back to MSR probing if platform info unavailable
- if read_msr(cpu, IA32_THERM_STATUS).is_some() {
- Vendor::Intel
- } else if read_msr(cpu, AMD_TCTL).is_some() {
- Vendor::Amd
- } else {
- Vendor::Unknown
- }
+ // MSR probing disabled: even with the probe guard, the kernel can UAF
+ // during sys_read on /scheme/sys/msr. Use /scheme/sys/cpu exclusively.
+ Vendor::Unknown
 }
 
 fn detect_cpus() -> Vec {
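Review bot: The new `/home/user` entry sets `mode = 0o755` and names no owner, so as far as this hunk shows the home directory is listable and traversable by every local account, and its ownership is left to whatever the installer defaults to. Unless something depends on other accounts reading it, `mode = 0o700` (or `0o750`) would match the `/root` entry better; if the `[[files]]` schema has owner fields, set them explicitly here rather than relying on a default. The hunk does not show whether the account definition already creates this directory, so it is worth checking that the two do not disagree on ownership or mode.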
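Review bot: The fallback at the end of detect_vendor now returns `Vendor::Unknown` silently, and the new comment names a kernel use-after-free without saying where it is tracked, so an operator gets no hint why a CPU has no sensor and a maintainer cannot tell when the probe may come back. I would add a reference to the comment, e.g. `// TODO(<tracking-issue>): restore the MSR fallback once the sys_read UAF on /scheme/sys/msr is fixed`, and emit one diagnostic before the return, e.g. `eprintln!("coretempd: cpu {cpu}: vendor unknown, MSR probing disabled");` (or the daemon's own logger, if it has one). This hunk removes only the two probe calls here; if `read_msr` is still called elsewhere in main.rs (not visible in the hunk), those reads go through the same /scheme/sys/msr path and need the same treatment. The kernel defect itself stays reachable by any other process that can read that scheme, so the comment should describe this as a workaround rather than a fix. The start of detect_vendor is outside the hunk.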