Re: [PATCH] mtrr: s/suser/capable/

From: Richard Gooch (
Date: Fri Sep 01 2000 - 08:31:57 EST

Chris Evans writes:
> On Thu, 31 Aug 2000, Tigran Aivazian wrote:
> > Actually, microcode driver checks CAP_SYS_RAWIO only on open() so it would
> > allow access to the receiver of fd even he has no CAP_SYS_RAWIO
> > privilege. Hmmm, maybe I should put it back into write() method, as Linus
> > (or someone else) did at some point (and I removed it)...
> Please don't put it back into write(). One of the powerful uses of passing
> fds is across privilege boundaries. We don't want that to suddenly stop
> working.
> Look at it this way: if anyone passes a privileged fd, they either
> know what they are doing, or get what they deserve.

I agree. Firstly, you can't frob random memory with the MTRR driver,
so it clearly doesn't need CAP_SYS_RAWIO. Secondly, if a privileged
process (i.e. one which can open RW) wishes to pass the FD, then that
should be allowed.

Besides, we have this nice access control method in Unix: file
permissions. Why not use it?

So, I'm inclined to replace the calls to suser() with a check for
write access on the filp.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Thu Sep 07 2000 - 21:00:11 EST