> * Olaf Dietsche (olaf.dietsche#list.linux-kernel@t-online.de) wrote:
>>
>> I haven't got a convincing answer against this patch, so far. The
>> patch applies to 2.5.43 as well.
>> Linus, please apply.
Hehe, "please apply" is watched a lot more closely, it seems. Good to
know ;-)
> No way. This is clearly a bad idea. CAP_SYS_RAWIO should be treated very
> seriously, look at what it enables. CAP_DAC_OVERRIDE is substantially
> less powerful, and if you remove this check, it would be the only
> capability protecting this.
$ grep -r CAP_SYS_RAWIO v2.5.43 | wc
55
Well, since CAP_SYS_RAWIO is such a dangerous beast and /dev/kmem can't
live without, then something like CAP_SYS_KMEM would be more
appropriate.
Here's a new untested patch against 2.5.43. Comments?
Regards, Olaf.
diff -urN a/drivers/char/mem.c b/drivers/char/mem.c
--- a/drivers/char/mem.c Sat Oct 5 18:44:55 2002
+++ b/drivers/char/mem.c Thu Oct 17 16:02:56 2002
@@ -525,7 +525,7 @@
static int open_port(struct inode * inode, struct file * filp)
{
- return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
+ return capable(CAP_SYS_KMEM) ? 0 : -EPERM;
}
#define mmap_kmem mmap_mem
diff -urN a/include/linux/capability.h b/include/linux/capability.h
--- a/include/linux/capability.h Sat Oct 5 18:43:38 2002
+++ b/include/linux/capability.h Thu Oct 17 16:02:35 2002
@@ -283,6 +283,10 @@
#define CAP_LEASE 28
+/* Allow access to system memory */
+
+#define CAP_SYS_KMEM 29
+
#ifdef __KERNEL__
/*
* Bounding set
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/