Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from

Olaf Dietsche (olaf.dietsche#list.linux-kernel@t-online.de)
Thu, 17 Oct 2002 19:00:54 +0200


Oliver Neukum <oliver@neukum.name> writes:

>> diff -urN a/drivers/char/mem.c b/drivers/char/mem.c
>> --- a/drivers/char/mem.c Sat Oct 5 18:44:55 2002
>> +++ b/drivers/char/mem.c Thu Oct 17 16:02:56 2002
>> @@ -525,7 +525,7 @@
>>
>> static int open_port(struct inode * inode, struct file * filp)
>> {
>> - return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
>> + return capable(CAP_SYS_KMEM) ? 0 : -EPERM;
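
Review bot: In open_port(), the added line drops the CAP_SYS_RAWIO check entirely instead of tightening it, so a task that holds only CAP_SYS_KMEM could open this device without ever having CAP_SYS_RAWIO. If the new capability is meant as an additional gate, keep the old check and require both, for example: return (capable(CAP_SYS_KMEM) && capable(CAP_SYS_RAWIO)) ? 0 : -EPERM; The hunk also shows neither a definition of CAP_SYS_KMEM nor a comment saying which device nodes open_port() serves; both belong in the patch so the reach of the change can be judged.
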
>
> return capable(CAP_SYS_KMEM) && capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
>
> Unless you check for RAWIO you can gain RAWIO by illegitimate means.

It's embarrassing, but it took until now for me to realize that this
tries to protect CAP_SYS_RAWIO and not /dev/kmem. Well, thanks for
being patient with me.

> Now whether one place justifies a whole capability is another question.

This is unnecessary then.

Regards, Olaf.