Re: [PATCH-NEW] allow root to modify raw scsi command permissionslist

From: Marc Ballarin
Date: Wed Sep 15 2004 - 18:33:31 EST

Next message: Oliver M. Bolzer: "qla2xxx: frequent total lockups (2.6.8, 2.6.9-rc{1-mm5,2})"
Previous message: Andre Tomt: "Re: [sata] new libata-dev-2.6 queue created (AHCI, SATA bridges)"
In reply to: Alan Cox: "Re: [PATCH-NEW] allow root to modify raw scsi command permissionslist"
Next in thread: Peter Jones: "Re: [PATCH-NEW] allow root to modify raw scsi command permissionslist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 15 Sep 2004 22:38:47 +0100
Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:

> You need to check for capable(CAP_SYS_RAWIO) otherwise you elevate
> anyone with access bypass capabilities to CAP_SYS_RAWIO equivalent
> powers.

True. File permissions aren't enough.

Will something like this suffice?

static ssize_t rcf_store_write(struct rawio_cmd_filter *rcf, const char *page,
size_t count)
{

...

if (!capable(CAP_SYS_RAWIO))
return -EPERM;

while(i < RCF_MAX_NR_CMDS)
clear_bit(i++, rcf->write_ok);
...

Regards
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Oliver M. Bolzer: "qla2xxx: frequent total lockups (2.6.8, 2.6.9-rc{1-mm5,2})"
Previous message: Andre Tomt: "Re: [sata] new libata-dev-2.6 queue created (AHCI, SATA bridges)"
In reply to: Alan Cox: "Re: [PATCH-NEW] allow root to modify raw scsi command permissionslist"
Next in thread: Peter Jones: "Re: [PATCH-NEW] allow root to modify raw scsi command permissionslist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]