Re: capable open_port() check wrong for kmem

From: carbonated beverage (
Date: Tue Dec 10 2002 - 01:51:59 EST

forgot to cc: linux-kernel:


On Tue, Dec 10, 2002 at 05:45:09AM +0000, David Wagner wrote:
> Read-only access to /dev/kmem is probably enough to get root access
> (maybe you can snoop root's password, for instance). This would make
> the power of the two capabilities roughly equivalent, so if this is true,
> I'm not sure I understand the point of splitting them in two this way.

It's rather annoying and counter-intuitive to have:

crw-r----- 1 root kmem 1, 2 Sep 8 21:56 /dev/kmem

but to have the following code fragment give:

int fd;
        fd = open("/dev/kmem", O_RDONLY);
        if(fd == -1) {
                fprintf(stderr, "Can't open /dev/kmem: %s\n", strerror(errno));

Can't open /dev/kmem: Operation not permitted

with a user in the kmem group.

Also, the utility I'm writing doesn't need write access, so why give it to
the process in the first place?

-- DN
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sun Dec 15 2002 - 22:00:16 EST