LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The trouble with CAP_SYS_RAWIO

The trouble with CAP_SYS_RAWIO

Posted Mar 14, 2013 20:03 UTC (Thu) by mjg59 (subscriber, #23239)
In reply to: The trouble with CAP_SYS_RAWIO by WolfWings
Parent article: The trouble with CAP_SYS_RAWIO

A program used to work. After a change, that program no longer works. A non-working program is broken. Breaking that program doesn't add any real additional security in the common (ie, non-Secure Boot) case, and so is undesirable.

(Log in to post comments)

The trouble with CAP_SYS_RAWIO

Posted Mar 17, 2013 15:46 UTC (Sun) by mrjk (subscriber, #48482) [Link]

With the suggested change there would be no program that used to work that would not work now that I can see. Every single current program that worked with dropping privileges after an open would still work the exact same way with caching the new capability at open time and using the cached value on those opened channels.

Can you give an example that would now break -- that wouldn't have broken already?

The trouble with CAP_SYS_RAWIO

Posted Mar 17, 2013 17:02 UTC (Sun) by mjg59 (subscriber, #23239) [Link]

Any application that drops all privileges other than CAP_SYS_RAWIO before attempting the open?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds