Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem

From: Manfred Spraul (manfred@colorfullife.com)
Date: Sun Oct 13 2002 - 12:04:22 EST

Next message: Dipankar Sarma: "Re: Linux v2.5.42"
Previous message: Brian Jackson: "Re: Linux v2.5.42"
In reply to: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Next in thread: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Reply: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Olaf Dietsche wrote:
>
> Now, I have to run this process as root, regardless of filesystem
> permissions. So, if I trust this particular process with full
> privileges now, there's no problem in reducing its power a little bit.
>
What about writing a small wrapper application that drops all priveleges
except CAP_RAWIO, switches to user to the user you want, then execs the
target application that needs to access /dev/kmem?

Or store the capabilities in the filesystem, but I don't know which
filesystem supports that.

-- Manfred

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Dipankar Sarma: "Re: Linux v2.5.42"
Previous message: Brian Jackson: "Re: Linux v2.5.42"
In reply to: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Next in thread: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Reply: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Oct 15 2002 - 22:00:46 EST