LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

CAP_SYS_RAWIO

CAP_SYS_RAWIO

Posted Aug 20, 2004 23:31 UTC (Fri) by giraffedata (subscriber, #1954)
In reply to: 2.6.8 and CD recording by pascal.martin
Parent article: 2.6.8 and CD recording

You have to be able to get a device file open in order to do raw I/O to it with CAP_SYS_RAWIO, but yes, the capability applies equally to all devices for which you can get a device file open. The read/write mode of the open is usually irrelevant.

In the traditional Unix security model, instead of having a vast matrix of principle/privilege combinations designed into the kernel, you're expected to build the kind of security you're talking about with setuid programs and daemons on top of the kernel. I like it that way. I used to even like the only-one-capability model (uid 0/not uid 0), but the realities of system bugs have brought me around to liking the slightly more fine-grained capabilities we have now.

In case it isn't obvious what kind of security I'm talking about: You don't give an interactive shell CAP_SYS_RAWIO, but rather give a program CAP_SYS_RAWIO and give principles permission to execute the program. The program should exploit the capability only to do very specific things, and might do some further permission checking, maybe based on which device you're accessing. Or, give a daemon process CAP_SYS_RAWIO and send it socket messages. The daemon authenticates you and does your bidding only against devices you are authorized to do raw I/O to.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds