Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability

From: Dmitry Torokhov
Date: Thu Oct 18 2018 - 16:07:27 EST

Next message: Sinan Kaya: "Re: [PATCH 3/3] x86/quirks: Add parameter to clear MSIs early on boot"
Previous message: Ondrej Zary: "Re: bioset changes in 4.18 broke aha1542"
In reply to: Alan Cox: "Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability"
Next in thread: Pavel Machek: "Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 18, 2018 at 12:43 PM Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, 16 Oct 2018 20:12:43 +0200
> "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx> wrote:
>
> > On 10/16/18 8:09 PM, Dmitry Torokhov wrote:
> >
> > >
> > > /dev/uinput
> >
> > I've got it. This explains it all. :)
> >
> > > must be 0600, or accessible to equally privileged user, or you'll be opening your system to much mischief.
>
> Still a correct change.
>
> CAP_SYS_RAWIO is not the same as being root, especially in a container.

Giving access to uinput in an unprivileged container is nutty as well.

Thanks.

--
Dmitry

Next message: Sinan Kaya: "Re: [PATCH 3/3] x86/quirks: Add parameter to clear MSIs early on boot"
Previous message: Ondrej Zary: "Re: bioset changes in 4.18 broke aha1542"
In reply to: Alan Cox: "Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability"
Next in thread: Pavel Machek: "Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]