Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL
From: H. Peter Anvin
Date: Wed Mar 20 2013 - 11:03:48 EST
CAP_SYS_RAWIO is definitely inappropriate there.
Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote:
>On Tue, 2013-03-19 at 18:02 -0700, H. Peter Anvin wrote:
>> Looking at it in detail, EVERYTHING in CAP_SYS_RAWIO has the
>> of compromising the kernel, because they let device drivers be
>> which means arbitrary DMA, which means you have everything.
>Having checked again, I don't think this is true. The most obvious case
>is libata, which uses CAP_SYS_RAWIO to limit the ability to send raw
>commands. Being able to do so clearly permits userspace to avoid any
>kind of policy the vfs has put in place, but there's no obvious way for
>the user to modify the running kernel. Are you suggesting that removing
>the CAP_SYS_RAWIO check there would be reasonable?
Sent from my mobile phone. Please excuse brevity and lack of formatting.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/