So, as was kind of alluded to in another part of the thread, what are
you doing about permissions? It seems that any user/group permissions
are out the window when you have the kernel itself do the opening of the
char device, right? Why is that ok? You can pass it _any_ character
device node and away it goes? What if you give it a "wrong" one? Char
devices are very different from block devices this way.
We could condition any configfs operation on capable(CAP_NET_ADMIN) to
close that hole for now..
Why that specific permission?
Meant CAP_SYS_ADMIN
And what about the "pass any random char device name" issue? What
happens if you pass /dev/random/ as the string?
What is the difference if the application is opening the device if
it has the wrong path?
