Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKETioctls only work as root)

From: K.R. Foley
Date: Mon Oct 04 2004 - 09:27:46 EST

Next message: Jens Axboe: "Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)"
Previous message: Erich Focht: "Re: [Lse-tech] [PATCH] cpusets - big numa cpu and memory placement"
In reply to: Jens Axboe: "Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jens Axboe wrote:

On Mon, Oct 04 2004, Luke Kenneth Casson Leighton wrote:

found it.

it's a new piece of kernel code verify_command in
drivers/block/scsi_ioctl.c, which checks for the capability
CAP_SYS_RAWIO.

ah, dammit.

for k3b to work, you'd have to install it setuid root, call
getcap(), remove all but the necessary capabilities (i.e. don't
remove CAP_SYS_RAWIO), do a setfsuid() and setfsgid() and do
a setcap().

it works in 2.6.9-rcX.

I don't know for sure if this is related or not, but it sure sounds like it. I have noticed the following in at least the last few versions (I believe 2.6.9-rc2 also): Even though CONFIG_SECURITY_CAPABILITIES can be configured as a module, if I don't compile it into the kernel getcap and setcap fail.

kr
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jens Axboe: "Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)"
Previous message: Erich Focht: "Re: [Lse-tech] [PATCH] cpusets - big numa cpu and memory placement"
In reply to: Jens Axboe: "Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]