Chris Evans writes:
>
> On Thu, 31 Aug 2000, Tigran Aivazian wrote:
>
> > Actually, microcode driver checks CAP_SYS_RAWIO only on open() so it would
> > allow access to the receiver of fd even he has no CAP_SYS_RAWIO
> > privilege. Hmmm, maybe I should put it back into write() method, as Linus
> > (or someone else) did at some point (and I removed it)...
>
> Please don't put it back into write(). One of the powerful uses of passing
> fds is across privilege boundaries. We don't want that to suddenly stop
> working.
>
> Look at it this way: if anyone passes a privileged fd, they either
> know what they are doing, or get what they deserve.
I agree. Firstly, you can't frob random memory with the MTRR driver,
so it clearly doesn't need CAP_SYS_RAWIO. Secondly, if a privileged
process (i.e. one which can open RW) wishes to pass the FD, then that
should be allowed.
Besides, we have this nice access control method in Unix: file
permissions. Why not use it?
So, I'm inclined to replace the calls to suser() with a check for
write access on the filp.
Regards,
Richard....
Permanent: [EMAIL PROTECTED]
Current: [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
