Posted Aug 20, 2004 23:31 UTC (Fri) by giraffedata
In reply to: 2.6.8 and CD recording
Parent article: 2.6.8 and CD recording
You have to be able to get a device file open in order to do raw I/O to it with CAP_SYS_RAWIO, but yes, the capability applies equally to all devices for which you can get a device file open. The read/write mode of the open is usually irrelevant.
In the traditional Unix security model, instead of having a vast matrix of principal/privilege combinations designed into the kernel, you're expected to build the kind of security you're talking about with setuid programs and daemons on top of the kernel. I like it that way. I used to even like the only-one-capability model (uid 0/not uid 0), but the realities of system bugs have brought me around to liking the slightly more fine-grained capabilities we have now.
In case it isn't obvious what kind of security I'm talking about:
You don't give an interactive shell CAP_SYS_RAWIO, but rather give a program CAP_SYS_RAWIO and give principals permission to execute the program. The program should exploit the capability only to do very specific things, and might do some further permission checking, maybe based on which device you're accessing. Or, give a daemon process CAP_SYS_RAWIO and send it socket messages. The daemon authenticates you and does your bidding only against devices you are authorized to do raw I/O to.
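The privileged-helper design the comment describes, as an added example that is not code from the post: a helper that holds CAP_SYS_RAWIO first confirms it actually has the capability (bit 17 of the CapEff mask in /proc/self/status), then applies a per-device allowlist keyed on the caller's groups before it touches the device. The device paths, group names and status text below are constructed for the example.

```python
import stat

CAP_SYS_RAWIO = 17  # capability bit number from <linux/capability.h>

def has_cap_sys_rawio(status_text):
    """Parse the CapEff line of a /proc/<pid>/status dump (hex bitmask) and test bit 17."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool(int(line.split()[1], 16) >> CAP_SYS_RAWIO & 1)
    return False

# Constructed policy: canonical device path -> groups allowed raw I/O to it.
POLICY = {"/dev/sr0": {"cdrom"}, "/dev/sr1": {"cdrom", "burners"}}

def authorize(device_path, st_mode, caller_groups, policy=POLICY):
    """Decide whether the helper may use its capability on device_path.

    device_path must already be canonical (a fixed table entry, not the
    caller's raw argv), and st_mode must come from fstat() of the fd the
    helper opened, so the check applies to the object actually opened rather
    than to a path the caller can re-point between check and use.
    Returns (allowed, reason)."""
    if not stat.S_ISBLK(st_mode):
        return False, "not a block device"
    allowed_groups = policy.get(device_path)
    if allowed_groups is None:
        return False, "device not in policy"
    if not (set(caller_groups) & allowed_groups):
        return False, "caller not in an authorised group"
    return True, "ok"

def run_helper(status_text, device_path, st_mode, caller_groups):
    """Entry point: refuse to act at all unless the capability is really held."""
    if not has_cap_sys_rawio(status_text):
        return False, "helper lacks CAP_SYS_RAWIO"
    return authorize(device_path, st_mode, caller_groups)

if __name__ == "__main__":
    # Constructed CapEff value: the full capability set a uid-0 process would show.
    ROOT_STATUS = "Name:\thelper\nCapEff:\t0000003fffffffff\n"
    print(run_helper(ROOT_STATUS, "/dev/sr0", stat.S_IFBLK | 0o660, ["users", "cdrom"]))
```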