On Wed, Aug 23, 2017 at 7:56 AM, Luck, Tony <tony.luck@xxxxxxxxx> wrote: >>> Should this not also have a capability check. Assuming file permissions >>> are sufficient for grabbing a chunk of system memory holding error >>> info doesn't seem too scary but it's at odds with a lot of other cases ? >> >> At least one of those other cases (pstore) added a capability check and now regret >> it. There's a thread on reverting it. Look for: >> >> Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps" > > Here's at least part of that thread: > > https://marc.info/?l=linux-kernel&m=150301241114262&w=2 > > Kees: you were OK with removing the capability check from pstore, right? Yeah, as long as there is comparable protections. -Kees -- Kees Cook Pixel Security -- To unsubscribe from this list: send the line "unsubscribe linux-acpi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
