Re: capable open_port() check wrong for kmem

David Wagner (daw@mozart.cs.berkeley.edu)
10 Dec 2002 05:45:09 GMT


carbonated beverage wrote:
> I found that I can't open /dev/kmem O_RDONLY. The open_mem
>and open_kmem calls (open_port()) in drivers/char/mem.c checks for
>CAP_SYS_RAWIO.
>
> Is there a possibility of splitting that off into a read and
>write pair, i.e. CAP_SYS_RAWIO_WRITE, CAP_SYS_RAWIO_READ?

Read-only access to /dev/kmem is probably enough to get root access
(maybe you can snoop root's password, for instance). This would make
the power of the two capabilities roughly equivalent, so if this is true,
I'm not sure I understand the point of splitting them in two this way.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/