On Sat, 22 Jul 2000, Miquel van Smoorenburg wrote:
> According to James Sutherland:
> > On 21 Jul 2000, Miquel van Smoorenburg wrote:
> > > It _is_ possible. Check out "capabilities".
> >
> > It isn't possible. Root can bypass them all completely, as long as
> > /dev/kmem etc. exist.
>
> If CAP_SYS_RAWIO isn't set, even root cannot open /dev/mem /dev/kmem
> and /dev/port. Read linux/char/mem.c, check open_port etc
So much for the "root is god" claims made earlier, then. What about iopl()
and the like? IF capabilities can be used to block this (and similar), and
Andre's "sanity checking" for ATA is added, then surely it *IS* possible
to prevent root screwing the HDD (without replacing the kernel, at which
point all bets are off, of course).
> > Shall we delete capabilities on this basis? I think
> > not - so why apply that argument to Andre's bugfix?
>
> Well no, as many others have pointed out, it's the other way around-
> capabilities should be applied to everything that gives access to
> some hardware's firmware programming interface.
Quite the opposite of the approach some were advocating, then - give root
absolute and unconditional power to do anything, however stupid.
James.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST