On Wed, 30 Aug 2000, Richard Gooch wrote:
> Grumble. Someone tell me why we can't just remove the suser() calls
> entirely and instead test if the file has write access? That's what
> the permissions on the file are for. Read access lets people take a
> look, but write access is required to change anything.
did you check that it will still work when passing fds? When you pass fd,
the receiver will point to the same 'file' structure so checking the open
mode on each write may not be what is desired, i.e. (in full capabilities
support) a receiver may be denied access when in capabilities sense it
should be allowed.
So, using open file mode in certain situations (mtrr and microcode drivers
are examples) is not ideal - capable(CAP_SYS_RAWIO) is better, imho.
Actually, microcode driver checks CAP_SYS_RAWIO only on open() so it would
allow access to the receiver of fd even he has no CAP_SYS_RAWIO
privilege. Hmmm, maybe I should put it back into write() method, as Linus
(or someone else) did at some point (and I removed it)...
Regards,
Tigran
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 31 2000 - 21:00:26 EST