On Wed, 12 May 2010 18:29:57 -0700 Chris Wright <chrisw@xxxxxxxxxxxx> wrote: > The PCI config space bin_attr read handler has a hardcoded CAP_SYS_ADMIN > check to verify privileges before allowing a user to read device > dependent config space. This is meant to protect from an unprivileged > user potentially locking up the box. Or hacking it. You could argue the correct requirement is to change it to require CAP_SYS_RAWIO in fact ! > With this patch the sysfs file owner is also considered privileged enough > to read all of the config space. Which breaks the main reason the check was there in the first place. To stop accidents of the form find / -exec grep {} "wibble" blowing up in people's faces. I agree with the problem - but IMHO the fix is to require opening the file checks CAP_SYS_something instead: not to hack the read method and make it even weirder and more un-Linux than it is now. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html