On Wed, 2013-02-13 at 10:44 -0800, H. Peter Anvin wrote:
> So people have piggybacked complete inappropriate junk onto
> CAP_SYS_RAWIO. Great. What the hell do we do now? We can't break
> apart CAP_SYS_RAWIO because we don't have hierarchical capabilities.

Yeah. Like I said, it's approximately useless.

> We thus have a bunch of unpalatable choices, **all of which are wrong**.
>
> This, incidentally, is *exactly* the reason I object to
> CAP_COMPROMISE_KERNEL as well... it describes a usage model, not a resource.

Like I said, I'm not wed to a capability-based model. However, it does
seem marginally more attractive than sprinkling if (!secure_boot) all
over the place. If anyone has alternatives, this would be a great time
to raise them.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx