CAP_SYS_RAWIO is definitely inappropriate there. Matthew Garrett <matthew.garrett at nebula.com> wrote: >On Tue, 2013-03-19 at 18:02 -0700, H. Peter Anvin wrote: > >> Looking at it in detail, EVERYTHING in CAP_SYS_RAWIO has the >possibility >> of compromising the kernel, because they let device drivers be >bypassed, >> which means arbitrary DMA, which means you have everything. > >Having checked again, I don't think this is true. The most obvious case >is libata, which uses CAP_SYS_RAWIO to limit the ability to send raw >ATA >commands. Being able to do so clearly permits userspace to avoid any >kind of policy the vfs has put in place, but there's no obvious way for >the user to modify the running kernel. Are you suggesting that removing >the CAP_SYS_RAWIO check there would be reasonable? -- Sent from my mobile phone. Please excuse brevity and lack of formatting.
