"Eric S. Raymond" <esr@thyrsus.com> said:
[...]
> But only for people and programs with root privileges. It all turns
> then, on whether we want to insist that all software doing hardware
> probing must have root privileges to function.
So bind it to a capability.
> I submit that the answer is "no" -- the right direction, for security
> and other reasons, is to make *fewer* capabilities dependent on root
> privileges rather than more, and to reject design approaches that
> imply creating more suid programs to give ordinary users capabilities
> that involve only *reading* config information.
Then create /etc/dmi or /var/log/dmi on boot from an initscript. /proc is a
nice idea for _process_ information, the other junk in there should go away
IMVHO. Hard to do as it is now customary. Adding more junk is (a) kernel
bloat, (b) hard to clean up later.
-- Dr. Horst H. von Brand User #22616 counter.li.org Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jan 07 2002 - 21:00:21 EST