Re: Direct access to hardware

From: Miquel van Smoorenburg (miquels@cistron.nl)
Date: Sat Jul 22 2000 - 06:44:50 EST

Next message: Khimenko Victor: "Re: Direct access to hardware"
Previous message: Ivo Janssen: "linux<->solaris NFS performance questions"
In reply to: James Sutherland: "Re: Direct access to hardware"
Next in thread: James Sutherland: "Re: Direct access to hardware"
Reply: James Sutherland: "Re: Direct access to hardware"
Reply: James Sutherland: "Re: Direct access to hardware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

According to James Sutherland:
> On 21 Jul 2000, Miquel van Smoorenburg wrote:
> > It _is_ possible. Check out "capabilities".
>
> It isn't possible. Root can bypass them all completely, as long as
> /dev/kmem etc. exist.

If CAP_SYS_RAWIO isn't set, even root cannot open /dev/mem /dev/kmem
and /dev/port. Read linux/char/mem.c, check open_port etc

> Shall we delete capabilities on this basis? I think
> not - so why apply that argument to Andre's bugfix?

Well no, as many others have pointed out, it's the other way around-
capabilities should be applied to everything that gives access to
some hardware's firmware programming interface.

Mike.

-- Cistron Certified Internetwork Expert #1.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Khimenko Victor: "Re: Direct access to hardware"
Previous message: Ivo Janssen: "linux<->solaris NFS performance questions"
In reply to: James Sutherland: "Re: Direct access to hardware"
Next in thread: James Sutherland: "Re: Direct access to hardware"
Reply: James Sutherland: "Re: Direct access to hardware"
Reply: James Sutherland: "Re: Direct access to hardware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:18 EST