Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability

From: Alan Cox
Date: Thu Oct 18 2018 - 15:44:03 EST

Next message: Wenwen Wang: "[PATCH] misc: mic: fix a DMA pool free failure"
Previous message: Matthias Kaehlcke: "Re: [PATCH v5 1/2] dt-bindings: iio: vadc: Update example to include unit address for node 'usb-id-nopull'"
In reply to: Gustavo A. R. Silva: "Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability"
Next in thread: Dmitry Torokhov: "Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 16 Oct 2018 20:12:43 +0200
"Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx> wrote:

> On 10/16/18 8:09 PM, Dmitry Torokhov wrote:
>
> >
> > /dev/uinput
>
> I've got it. This explains it all. :)
>
> > must be 0600, or accessible to equally privileged user, or you'll be opening your system to much mischief.

Still a correct change.

CAP_SYS_RAWIO is not the same as being root, especially in a container.

Alan

Next message: Wenwen Wang: "[PATCH] misc: mic: fix a DMA pool free failure"
Previous message: Matthias Kaehlcke: "Re: [PATCH v5 1/2] dt-bindings: iio: vadc: Update example to include unit address for node 'usb-id-nopull'"
In reply to: Gustavo A. R. Silva: "Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability"
Next in thread: Dmitry Torokhov: "Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]