Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL

From: Matthew Garrett
Date: Tue Mar 19 2013 - 21:09:48 EST

Next message: Simon Jeons: "Re: [PATCHv2, RFC 00/30] Transparent huge page cache"
Previous message: Matthew Garrett: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
In reply to: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Next in thread: Matthew Garrett: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The cases I'd looked at seemed to mostly involve obsolete hardware or only allow command submission to SCSI targets, so I wasn't too worried about them - but, like I said, I've no inherent objection to using CAP_SYS_RAWIO as long as we modify any cases where userspace really does need that access.
--
Matthew Garrett | matthew.garrett@xxxxxxxxxxx‹§²æìr¸›yúèšØb²X¬¶ÇvØ^–)Þ{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü}©ž²ÆzÚ&j:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹®w¥¢¸?™¨èÚ&¢)ßf”ù^jÇy§m…á@A«a¶Úÿ0¶ìh®å’i

Next message: Simon Jeons: "Re: [PATCHv2, RFC 00/30] Transparent huge page cache"
Previous message: Matthew Garrett: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
In reply to: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Next in thread: Matthew Garrett: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]