> Within Linux the security model is that items accessible through this interface > are only accessible by root. "root" has not been a security concept in the Linux kernel since about 2.0. If you are relying on file permissions then at best you are using CAP_SYS_DAC which is too weak for this. If you are allowing near unchecked communication with a third party entity that the user doesn't trust too much you should be requiring CAP_SYS_RAWIO. In fact it's a fair argument hat if you require CAP_SYS_RAWIO and have a module option you have to set to allow it that with the module loaded with say insmod dell_smbios factory=1 does even blacklisted stuff then you are ok, because a process with CAP_SYS_RAWIO has enough power to totally own the machine anyway including taking over and doing the WMI call itself by hand in user space or loading its own module. Alan
