On Wed, 2013-02-13 at 10:44 -0800, H. Peter Anvin wrote:

> So people have piggybacked complete inappropriate junk onto
> CAP_SYS_RAWIO. Great. What the hell do we do now? We can't break
> apart CAP_SYS_RAWIO because we don't have hierarchical capabilities.

Yeah. Like I said, it's approximately useless.

> We thus have a bunch of unpalatable choices, **all of which are wrong**.
>
> This, incidentally, is *exactly* the reason I object to
> CAP_COMPROMISE_KERNEL as well... it describes a usage model, not a resource.

Like I said, I'm not wed to a capability-based model. However, it does seem marginally more attractive than sprinkling if (!secure_boot) all over the place. If anyone has alternatives, this would be a great time to raise them.

--
Matthew Garrett | mj...@srcf.ucam.org