User: Password:
|
|
Subscribe / Log in / New account

Naming proposal

Naming proposal

Posted Sep 14, 2012 2:19 UTC (Fri) by clemenstimpler (guest, #71914)
Parent article: Preparing the kernel for UEFI secure boot

THWART_SECURE_FIRMWARE.

Maybe the first appearance of this beautiful verb in the linux kernel?


(Log in to post comments)

Naming proposal

Posted Sep 16, 2012 13:56 UTC (Sun) by nix (subscriber, #2304) [Link]

It's the first reference outside documentation, certainly.

Naming proposal

Posted Oct 4, 2012 8:47 UTC (Thu) by oak (guest, #2786) [Link]

The capability isn't about thwarting secure boot, but whether its enabled.

Maybe the name could be CAPS_UNSECURED_BOOT, CAPS_ALLOW_UNLOCK, CAPS_DRM_UNLOCKED...?

Btw. Regarding this comment in the article:
"they vary from CAP_DAC_OVERRIDE (able to override file permissions) to CAP_NET_BIND_SERVICE (can bind to a low-numbered TCP port) to CAP_SYS_ADMIN (can do a vast number of highly privileged things)"

IMHO the most annoyingly ambivalent capability is CAP_SYS_PTRACE. Many low level developer tools need it, whether it's question of ptrace() calls (Gdb, strace...) which can modify the attached process *or* just reading process maps & smaps files from proc/ to find out processes real memory usage.

Latter restriction is especially frustrating because memory usage information is something that even normal user may need access to, to find out what process in his/her system is making it to crawl, or to provide information about that to a developer (using some tool suitable for that).


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds