From: Olaf Dietsche <olaf.dietsche#list.linux-kernel@t-online.de>
To: Manfred Spraul <manfred@colorfullife.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem
Date: Sun, 13 Oct 2002 18:45:57 +0200 [thread overview]
Message-ID: <873crauw1m.fsf@goat.bogus.local> (raw)
In-Reply-To: <3DA99A8B.5050102@colorfullife.com> (Manfred Spraul's message of "Sun, 13 Oct 2002 18:08:43 +0200")
Manfred Spraul <manfred@colorfullife.com> writes:
> Olaf Dietsche wrote:
> > Manfred Spraul <manfred@colorfullife.com> writes:
> >
> >
> >>>In drivers/char/mem.c there's open_port(), which is used as open_mem()
> >>>and open_kmem() as well. I don't see the benefit of this, since
> >>>/dev/mem and /dev/kmem are already protected by filesystem
> >>>permissions.
> >>>
> >>
> >>capabilities can be stricter than filesystem permissions
> >
> >
> > Which means, it prevents me from giving access to /dev/kmem to an
> > otherwise unprivileged process.
> >
> Do you know what access to /dev/kmem means?
Which is not the point. Just assume for a moment, I know what I'm
doing :-)
> A process that can read /dev/kmem can read /etc/shadow and probaly all
> other files he can force into memory.
>
> A process that can write to /dev/kmem can give himself ultimate
> capabilities by modifying it's own uid/capability set.
Now, I have to run this process as root, regardless of filesystem
permissions. So, if I trust this particular process with full
privileges now, there's no problem in reducing its power a little bit.
> Have you tried to disable the capabilities? I think there is a kernel
> option that disables them.
I don't want to disable capabilities. I want to get rid of this
particular use.
>>>, and the call
>>>is needed to update the PF_SUPERPRIV process flag.
>> What exactly is PF_SUPERPRIV good for? I see no real use in the
>> source. There is exactly one test for this flag (kernel/acct.c:336),
>> then sets another flag (ASU), which in turn is used nowhere else.
>> So, I think we could get rid of this flag as well. Comments?
>>
>
> Part of BSD process accounting - you have just broken backward
> compatibility with user space.
Ok, thanks for this hint.
Regards, Olaf.
next prev parent reply other threads:[~2002-10-13 16:40 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <3DA985E6.6090302@colorfullife.com>
2002-10-13 15:48 ` [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem Olaf Dietsche
[not found] ` <3DA99A8B.5050102@colorfullife.com>
2002-10-13 16:45 ` Olaf Dietsche [this message]
2002-10-13 17:04 ` Manfred Spraul
2002-10-13 22:05 ` Olaf Dietsche
2002-10-17 11:42 ` Andreas Steinmetz
2002-10-13 12:46 Olaf Dietsche
2002-10-17 11:00 ` Olaf Dietsche
2002-10-17 11:32 ` Chris Evans
2002-10-17 12:30 ` Chris Wright
2002-10-17 14:14 ` Olaf Dietsche
[not found] ` <200210171807.33178.oliver@neukum.name>
2002-10-17 17:00 ` Olaf Dietsche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=873crauw1m.fsf@goat.bogus.local \
--to=olaf.dietsche#list.linux-kernel@t-online.de \
--cc=linux-kernel@vger.kernel.org \
--cc=manfred@colorfullife.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox