On Thu, 27 Jul 2000, Chris Evans wrote:
> > > If somebody sends me a patch to change CAP_SYS_ADMIN into CAP_SYS_RAWIO,
> > > I'll apply it in a jiffy.
> >
> > I'll fix 2.2
>
> I could be wrong (tm), but I think Matthew Kirkwood has had a patch
> restricting raw drive command ioctl()'s to CAP_SYS_RAWIO, for a while
> ;-)
http://ferret.lmh.ox.ac.uk/~weejock/cap-rawio-fixes.diff
has a stack of them. Quite a few apply to IDE code, though I
couldn't promise that I caught the dangerous one in this case.
It's against an old kernel though. If it's considered worthwhile,
I shall re-audit a recent 2.3 (and maybe 2.2) for the ADMINs which
should probably be RAWIOs.
Matthew.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:22 EST