Il 13/02/2013 18:22, H. Peter Anvin ha scritto: >> >> On non-x86 machines CAP_SYS_RAWIO is much less dangerous, especially >> when coupled with file DAC. Discretionary Access Control. > Either way, I think you are at best deluded and more like you just > completely wrong about CAP_SYS_RAWIO being "less dangerous on non-x86 > machines". With the possible exception of s390 I suspect it is, in > fact, more dangerous. I may well be wrong, but as a quick data point CAP_SYS_RAWIO has no occurrences in arch/ except arch/x86. Of course a lot of driver functionality will be limited to CAP_SYS_RAWIO, but usually this requires having a file descriptor for some file. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
