>carbonated beverage wrote:
>> I found that I can't open /dev/kmem O_RDONLY. The open_mem
>>and open_kmem calls (open_port()) in drivers/char/mem.c checks for
>>CAP_SYS_RAWIO.
>> Is there a possibility of splitting that off into a read and
>>write pair, i.e. CAP_SYS_RAWIO_WRITE, CAP_SYS_RAWIO_READ?
>Read-only access to /dev/kmem is probably enough to get root access
>(maybe you can snoop root's password, for instance). This would make
>the power of the two capabilities roughly equivalent, so if this is true,
>I'm not sure I understand the point of splitting them in two this way.
Many capabilities can be leveraged into root access with sufficient
cleverness. If this were considered a sufficient argument for merging
capabilities, we'd have far fewer of them.
DS
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/