On 03/20/2013 08:14 AM, Matthew Garrett wrote: > On Wed, 2013-03-20 at 08:03 -0700, H. Peter Anvin wrote: >> CAP_SYS_RAWIO is definitely inappropriate there. > > Ok. How do we fix that without breaking userspace that expects > CAP_SYS_RAWIO to be sufficient? > I don't think we can to some way, because when what you have is fundamentally broken, it's hard to fix. However, it is extremely likely that the number of affected applications is vanishingly small. There probably are a handful of apps that do this, and I wouldn't be surprised if most of them simply run as root. -hpa
