Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 13 Oct 2002 12:42:31 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 13 Oct 2002 12:42:28 -0400 Received: from mailout01.sul.t-online.com ([194.25.134.80]:9374 "EHLO mailout01.sul.t-online.com") by vger.kernel.org with ESMTP id ; Sun, 13 Oct 2002 12:42:26 -0400 X-From-Line: nobody Sun Oct 13 17:48:37 2002 To: Manfred Spraul Cc: linux-kernel@vger.kernel.org Subject: Re: [PATCH][RFC] 2.5.42: remove capable(CAP_SYS_RAWIO) check from open_kmem References: <3DA985E6.6090302@colorfullife.com> From: Olaf Dietsche Date: Sun, 13 Oct 2002 17:48:37 +0200 Message-ID: <87adliuyp6.fsf@goat.bogus.local> User-Agent: Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.4 (Honest Recruiter, i386-debian-linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1024 Lines: 22 Manfred Spraul writes: >> In drivers/char/mem.c there's open_port(), which is used as open_mem() >> and open_kmem() as well. I don't see the benefit of this, since >> /dev/mem and /dev/kmem are already protected by filesystem >> permissions. >> > capabilities can be stricter than filesystem permissions Which means, it prevents me from giving access to /dev/kmem to an otherwise unprivileged process. > , and the call > is needed to update the PF_SUPERPRIV process flag. What exactly is PF_SUPERPRIV good for? I see no real use in the source. There is exactly one test for this flag (kernel/acct.c:336), then sets another flag (ASU), which in turn is used nowhere else. So, I think we could get rid of this flag as well. Comments? Regards, Olaf. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/