On 14.10.2014 22:37, Martin Pitt wrote:
> Ah, how does that work? I'm not aware of an ELF/kernel feature which
> allows doing that, this sounds interesting?
https://www.insecure.ws/2013/12/17/lesser-known-tool-of-the-day-getcap-setcap-and-file-capabilities/
> Note that at least CAP_SYS_MODULE is equivalent to root (as you can
> load any local .ko which can then provide you with a backdoor into the
> kernel),
I guess you have to put the .ko file in a protected place on the filesystem
for it to get loaded. And maybe it would even require recompiling the kernel
with your .ko in mind. I am not sure how it works. I have only been using
Ubuntu for a month now.
> If open and read on them is additionally protected by CAP_SYS_RAWIO,
> then world-readability should not hurt indeed (note that I haven't
> verified this).
>
> Martin
Trust me. Tried already.
--
Ubuntu-devel-discuss mailing list
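For auditing the file capabilities discussed in this thread, the following is an added example (not part of the original messages) that parses `getcap -r` output and flags binaries granted a high-risk capability such as CAP_SYS_MODULE. The sample output, the paths in it, and every `HIGH_RISK` entry other than `cap_sys_module` and `cap_sys_rawio` are assumptions made for the example.

```python
import re

# cap_sys_module and cap_sys_rawio are the capabilities named in the thread;
# the other entries are an assumption added for this example.
HIGH_RISK = {"cap_sys_module", "cap_sys_rawio", "cap_sys_admin",
             "cap_sys_ptrace", "cap_dac_override", "cap_setuid"}

# Constructed sample of `getcap -r /` output. libcap has printed two layouts:
# older "path = caps+flags" and newer "path caps=flags".
SAMPLE = """\
/usr/bin/ping = cap_net_raw+ep
/usr/bin/mtr-packet cap_net_raw=ep
/opt/tools/modloader = cap_sys_module+ep
/opt/tools/ioprobe cap_sys_rawio,cap_dac_override=eip
/opt/my app/helper cap_net_bind_service=ep cap_sys_admin=p
"""

CLAUSE = re.compile(r"^([a-z_0-9,]+)[=+]([eip]+)$")

def parse_line(line):
    """Return (path, {capability: flags}), or None if the line is not getcap output."""
    tokens = line.split()
    caps = {}
    # Capability clauses are the trailing tokens; the path itself may contain spaces.
    while tokens and (m := CLAUSE.match(tokens[-1])):
        for name in m.group(1).split(","):
            caps[name] = m.group(2)
        tokens.pop()
    if tokens and tokens[-1] == "=":  # separator used by the older layout
        tokens.pop()
    if not tokens or not caps:
        return None
    return " ".join(tokens), caps

def audit(getcap_output):
    """List (path, [capabilities]) for files granting a high-risk capability."""
    findings = []
    for line in getcap_output.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, caps = parsed
        # Inheritable-only ("i") needs the caller to hold the capability already,
        # so only the effective and permitted sets are reported.
        risky = sorted(c for c, flags in caps.items()
                       if c in HIGH_RISK and set(flags) & {"e", "p"})
        if risky:
            findings.append((path, risky))
    return findings

if __name__ == "__main__":
    for path, caps in audit(SAMPLE):
        print(f"{path}: {', '.join(caps)}")
```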