Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability
From: Dmitry Torokhov
Date: Thu Oct 18 2018 - 16:07:27 EST
On Thu, Oct 18, 2018 at 12:43 PM Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, 16 Oct 2018 20:12:43 +0200
> "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx> wrote:
>
> > On 10/16/18 8:09 PM, Dmitry Torokhov wrote:
> >
> > >
> > > /dev/uinput
> >
> > I've got it. This explains it all. :)
> >
> > > must be 0600, or accessible to equally privileged user, or you'll be opening your system to much mischief.
>
> Still a correct change.
>
> CAP_SYS_RAWIO is not the same as being root, especially in a container.
Giving access to uinput in an unprivileged container is nutty as well.
Thanks.
--
Dmitry