Re: [PATCH 2/2] pci: allow sysfs file owner to read device dependent config space

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 12 May 2010 18:29:57 -0700
Chris Wright <chrisw@xxxxxxxxxxxx> wrote:

> The PCI config space bin_attr read handler has a hardcoded CAP_SYS_ADMIN
> check to verify privileges before allowing a user to read device
> dependent config space.  This is meant to protect from an unprivileged
> user potentially locking up the box.

Or hacking it. You could argue the correct requirement is to change it to
require CAP_SYS_RAWIO in fact !

> With this patch the sysfs file owner is also considered privileged enough
> to read all of the config space.

Which breaks the main reason the check was there in the first place. To
stop accidents of the form

	find / -exec grep {} "wibble"

blowing up in people's faces.


I agree with the problem - but IMHO the fix is to require opening the file
checks CAP_SYS_something instead: not to hack the read method and make it
even weirder and more un-Linux than it is now.

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux