I've booted it on a few of my laptops, and nothing seemed to break. Is there a particular test-suite you'd recommend that I run? On Sun, Nov 5, 2017 at 6:31 PM, Greg KH <greg@xxxxxxxxx> wrote: > On Sun, Nov 05, 2017 at 01:56:35PM +1100, Aleksa Sarai wrote: >> Previously, the only capability effectively required to operate on the >> /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, >> having an fsuid of GLOBAL_ROOT_UID was enough). This means that >> semi-privileged processes could interfere with core components of a >> system (such as causing a DoS by removing the underlying SCSI device of >> the host's / mount). > > Given that the previous patch didn't even compile, I worry that you have > not tested this at all to see what breaks/changes in userspace with this > type of user-visable api change. > > What did you do to test this? > > thanks, > > greg k-h -- Aleksa Sarai (cyphar) www.cyphar.com
