Re: capable open_port() check wrong for kmem

carbonated beverage (ramune@net-ronin.org)
Mon, 9 Dec 2002 22:51:59 -0800


forgot to cc: linux-kernel:

Hi,

On Tue, Dec 10, 2002 at 05:45:09AM +0000, David Wagner wrote:
> Read-only access to /dev/kmem is probably enough to get root access
> (maybe you can snoop root's password, for instance). This would make
> the power of the two capabilities roughly equivalent, so if this is true,
> I'm not sure I understand the point of splitting them in two this way.

It's rather annoying and counter-intuitive to have:

crw-r----- 1 root kmem 1, 2 Sep 8 21:56 /dev/kmem

but to have the following code fragment give:

int fd;
fd = open("/dev/kmem", O_RDONLY);
if(fd == -1) {
fprintf(stderr, "Can't open /dev/kmem: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}

Can't open /dev/kmem: Operation not permitted

with a user in the kmem group.

Also, the utility I'm writing doesn't need write access, so why give it to
the process in the first place?

-- DN
Daniel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/