Re: [PATCH 06/12] x86: Require CAP_COMPROMISE_KERNEL for IO portaccess

From: Matthew Garrett
Date: Tue Mar 19 2013 - 21:05:35 EST

Next message: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Previous message: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Easiest way to do that would be to replace some existing users of CAP_RAW_IO with CAP_SYS_ADMIN and then just insert a couple of extra RAW_IO checks. That would break some existing userspace, but so would introducing a new capability. I'm happy to go that way, but would appreciate some broader feedback that that's the way to go.
--
Matthew Garrett | matthew.garrett@xxxxxxxxxx¢éì®&Þ~º&¶¬–+-±éÝ¥Šw®žË±Êâmébžìdz¹Þ)í…æèw*jg¬±¨¶‰šŽŠÝj/êäz¹ÞŠà2ŠÞ¨èÚ&¢)ß«a¶Úþø®G«éh®æj:+v‰¨Šwè†Ù>Wš±êÞiÛaxPjØm¶ŸÿÃ-»+ƒùdš_

Next message: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Previous message: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]