Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem

From: Olaf Dietsche (olaf.dietsche#list.linux-kernel@t-online.de)
Date: Sun Oct 13 2002 - 17:05:40 EST

Next message: Linus Torvalds: "Re: [PATCH] Summit support for 2.5 [0/4]"
Previous message: Stig Brautaset: "Re: 2.5 Problem Report Status"
In reply to: Manfred Spraul: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Next in thread: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Manfred Spraul <manfred@colorfullife.com> writes:

> Olaf Dietsche wrote:
>> Now, I have to run this process as root, regardless of filesystem
>> permissions. So, if I trust this particular process with full
>> privileges now, there's no problem in reducing its power a little bit.
>>
> What about writing a small wrapper application that drops all
> priveleges except CAP_RAWIO, switches to user to the user you want,
> then execs the target application that needs to access /dev/kmem?

I just tried this, but I didn't succeed. :-(

> Or store the capabilities in the filesystem, but I don't know which
> filesystem supports that.

There's none so far.

Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: [PATCH] Summit support for 2.5 [0/4]"
Previous message: Stig Brautaset: "Re: 2.5 Problem Report Status"
In reply to: Manfred Spraul: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Next in thread: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Oct 15 2002 - 22:00:47 EST