On Fri, Dec 07, 2007 at 02:16:40AM +0530, Tom spot Callaway wrote: > On Thu, 2007-12-06 at 13:39 -0500, Simo Sorce wrote: > > I have the feeling that it is somehow wrong to give sudo that power. > > For su I am still uncertain, but given that su does not authenticate > > the > > final user but only the super user I again wonder if that should give > > any access to the kernel keyring. > > Maybe this is is an ignorant question, but wouldn't you want this for > loading/unloading kernel modules via su -c / sudo? Thanks to the nature > of iwl3945 and similar drivers, I have been known to execute commands > like: > > $ sudo /sbin/modprobe -r iwl3945 > $ sudo /sbin/modprobe iwl3945 > > I'd think that having proper access to the kernel keyring for ops like > that would be ideal, if not necessary. I'm also concerned about when we > start making sudo/su not act like the root user, with all rights and > permissions, because really, that is the purpose of sudo / su, and one > of the reasons that those commands require either root's credentials to > use (su / sudo) and/or specific permission (sudoers). Here's another maybe-ignorant question. The iwl3945 module reads credentials from the kernel keyring of the user/process that loads it? If so, what sort of credentials is it expecting to find there? I don't have a system with one of these, and a quick web search isn't laying it out for me, so a pointer to the right docs would be enough of an answer. Cheers, Nalin -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
