From: Matthew Wilcox <matthew@wil.cx>
To: Jon Smirl <jonsmirl@gmail.com>
Cc: Dave Airlie <airlied@gmail.com>,
Arjan van de Ven <arjan@linux.intel.com>,
greg@kroah.com, linux-pci@atrey.karlin.mff.cuni.cz,
linux-kernel@vger.kernel.org, airlied@linux.ie,
pjones@redhat.com, akpm@osdl.org
Subject: Re: Add a "enable" sysfs attribute to the pci devices to allow userspace (Xorg) to enable devices without doing foul direct access
Date: Tue, 2 May 2006 18:19:14 -0600 [thread overview]
Message-ID: <20060503001914.GA9609@parisc-linux.org> (raw)
In-Reply-To: <9e4733910605021452r3aec1035pa475b701b2c3563c@mail.gmail.com>
On Tue, May 02, 2006 at 05:52:09PM -0400, Jon Smirl wrote:
> Have you seen this method of getting root from X?
> http://www.cansecwest.com/slides06/csw06-duflot.ppt
> It is referenced from Theo de Raadt interview on kerneltrap
> http://kerneltrap.org/node/6550
That's a great indication of why securelevels aren't.
It pretty much fits the Linux model of "once you're root, you can do
anything". The POSIX Capabilities really don't help either.
I suppose SELinux might be able to help, but I don't care to get into
that discussion here ;-)
next prev parent reply other threads:[~2006-05-03 0:19 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-29 8:46 Add a "enable" sysfs attribute to the pci devices to allow userspace (Xorg) to enable devices without doing foul direct access Arjan van de Ven
2006-04-29 8:51 ` Andrew Morton
2006-04-29 8:59 ` Arjan van de Ven
2006-04-29 9:04 ` Dave Airlie
2006-05-02 16:14 ` Bjorn Helgaas
2006-05-02 16:21 ` Greg KH
2006-05-02 16:51 ` Jesse Barnes
2006-05-04 19:09 ` Bjorn Helgaas
2006-05-04 19:11 ` Arjan van de Ven
2006-05-04 19:26 ` Bjorn Helgaas
2006-05-04 19:42 ` Matthew Garrett
2006-05-04 20:40 ` Jon Smirl
2006-05-04 21:05 ` Peter Jones
2006-05-04 21:17 ` Martin Mares
2006-05-04 21:29 ` Peter Jones
2006-05-04 21:37 ` Martin Mares
2006-05-04 21:38 ` Jon Smirl
2006-05-04 23:22 ` Peter Jones
2006-05-05 19:20 ` Ian Romanick
2006-05-05 20:14 ` Jon Smirl
2006-05-05 20:26 ` Greg KH
2006-05-05 20:35 ` Jon Smirl
2006-05-05 20:43 ` Jon Smirl
2006-05-05 21:10 ` Greg KH
2006-05-05 21:06 ` Greg KH
2006-05-05 21:15 ` Jon Smirl
2006-05-05 22:27 ` Greg KH
2006-05-06 0:05 ` Jon Smirl
2006-05-06 1:57 ` Dave Airlie
2006-05-06 3:39 ` Jon Smirl
2006-05-06 12:42 ` Krzysztof Halasa
2006-05-06 13:08 ` Jon Smirl
2006-05-06 18:10 ` Krzysztof Halasa
2006-05-06 18:24 ` Jon Smirl
2006-05-06 23:16 ` Krzysztof Halasa
2006-05-07 5:56 ` Kyle Moffett
2006-05-07 12:05 ` Krzysztof Halasa
2006-05-07 19:07 ` Kyle Moffett
2006-05-08 0:03 ` Krzysztof Halasa
2006-05-07 13:12 ` Pavel Machek
2006-05-08 14:26 ` Kyle Moffett
2006-05-08 14:54 ` Arjan van de Ven
2006-05-08 4:06 ` Dave Airlie
2006-05-08 5:27 ` Jon Smirl
2006-05-07 8:54 ` Adam Belay
2006-05-14 0:29 ` Benjamin Herrenschmidt
2006-05-14 0:56 ` Jon Smirl
2006-05-14 23:57 ` Benjamin Herrenschmidt
2006-05-15 0:14 ` Jon Smirl
2006-05-14 0:57 ` Patrick McFarland
2006-05-14 1:11 ` Jon Smirl
2006-05-04 21:18 ` Jon Smirl
2006-05-04 21:38 ` Peter Jones
2006-05-04 21:48 ` Jon Smirl
2006-05-04 21:57 ` Peter Jones
2006-05-04 22:05 ` Jon Smirl
2006-05-04 19:49 ` Arjan van de Ven
2006-05-15 2:10 ` Eric W. Biederman
2006-05-02 16:38 ` Jon Smirl
2006-05-02 16:45 ` Arjan van de Ven
2006-05-02 16:59 ` Jon Smirl
2006-05-02 17:00 ` Arjan van de Ven
2006-05-02 17:13 ` Jon Smirl
2006-05-02 18:27 ` Arjan van de Ven
2006-05-02 19:00 ` Jon Smirl
2006-05-02 19:29 ` Peter Jones
2006-05-02 21:40 ` Dave Airlie
2006-05-02 21:52 ` Jon Smirl
2006-05-02 23:36 ` Dave Airlie
2006-05-03 0:19 ` Matthew Wilcox [this message]
2006-05-03 0:26 ` Valdis.Kletnieks
2006-05-03 1:24 ` Jon Smirl
2006-05-03 1:30 ` Dave Airlie
2006-05-03 6:02 ` Arjan van de Ven
2006-05-03 13:23 ` Jon Smirl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060503001914.GA9609@parisc-linux.org \
--to=matthew@wil.cx \
--cc=airlied@gmail.com \
--cc=airlied@linux.ie \
--cc=akpm@osdl.org \
--cc=arjan@linux.intel.com \
--cc=greg@kroah.com \
--cc=jonsmirl@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@atrey.karlin.mff.cuni.cz \
--cc=pjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.