Re: capable open_port() check wrong for kmem

Chris Wright (chris@wirex.com)
Wed, 11 Dec 2002 18:11:44 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Richard B. Johnson: "Re: Is this going to be true ?"
Previous message: Miles Bader: "Re: romfs"

* carbonated beverage (ramune@net-ronin.org) wrote:
>
> So if I want to have a generic utility that can be used by any user (and
> I'm not granting CAP_SYS_RAWIO to every process), then I can:
>
> 1) make it suid root
> 2) drop all caps other than cap_sys_rawio
>
> or
>
> 1) add the capability to the executable, assuming it worked...

this is not supported without kernel patches. in general you have to
start with full capabilities and shed the ones you don't need.

thanks,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Richard B. Johnson: "Re: Is this going to be true ?"
Previous message: Miles Bader: "Re: romfs"