> Hi,
>
> Below is a patch to drivers/char/mem.c which requires
> CAP_SYS_RAWIO to open /dev/mem, /dev/kmem and /dev/port.
>
> The mem/kmem stuff should maybe consult a different
> privilege, but the port stuff I consider a bug.
Jeez,
I was working under the assumption we already limit /dev/mem et. al to
CAP_SYS_RAWIO. If we don't then this needs applying ASAP.
Well spotted.
Comments: we probably wish to (initially) limit only write access, like
2.0.x. Limiting read access could be fun for various things but I forsee
that as a later development once we've got the basics sorted out.
Chris
PS. I've got some more capability fixes/enhancements queued for once we
have chflags() in 2.3 (which enables immutable on block device).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/