Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp2349632imm; Thu, 18 Oct 2018 13:08:20 -0700 (PDT) X-Google-Smtp-Source: ACcGV62c7fTdT8ecdkh+rxuXOEENlAIX4sCMGE471qMWrb0BH6Pwmr+OTosMMul+tjNuvxsC16DR X-Received: by 2002:a63:a012:: with SMTP id r18-v6mr30300728pge.282.1539893300008; Thu, 18 Oct 2018 13:08:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539893299; cv=none; d=google.com; s=arc-20160816; b=hV72LCnr9mObFwY6EHAYlIfuXnFhsQXjfChrNXBiChAN7zvd8qun6ki3H4m8/T57X7 35dw3Sx6p/6VjD1wTzOCB+ddIAAOC9zW3LQ215/FRE75pOehqiIo8uCKymhzRYE3aZ32 aAKgP7swzjjGE9EXqX/tMtAeeBA+TNpl72G2+MEOced2NsWB9RbpMwp5BYLFeoJV9pkH Glu6RhLCaqu0w/NGZDbzEhcmMu9MuQnPzKPLvY0YcOdtflfEQ5rVqSxJ4upZtldVmNlt XHS1empd9SM3WwoL74vnZSr/zDpxWO/M2CssBYLyNGuuT1DuENzqvt0NXsnOB/QKdyX9 0gMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=3GUAY5V0x4vuuUuv+vFMbNl2mWcSDPX0oSrtK5r3HXA=; b=spLSJMa/BJxO/6kThAa/GpAN4oBWUfa31xBQLfW4Iwjy6YfD88OyoSvHillWiFiZg9 qtEIGGGSoOcJan5tWpdldBVEgVJS1Vuk/vCAXp3OpBXJWVxUh+AYp+9hBUXz0S5BeZvF 0tmxFL8ugmdMeK6KD93Wkw24ckbCLpaal2I50s5x8WVzBKwtTe6e5CRGDDMfjy1yjNNS H9qnegiBgpuiHp4zoqZDMefKCjinb2WbywhBM+RKy0bGBOSqr5zdJYOZYReOYV9sBuiH 9GE95uGx4lGG+a/OnEfFG72cIOs5KAxBGhnsXRkOcZ1H+KeWEprlboQx/10PbG2S0AYT 7IYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=THHXDL9l; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g11-v6si21053491plp.128.2018.10.18.13.08.00; Thu, 18 Oct 2018 13:08:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=THHXDL9l; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727187AbeJSEKC (ORCPT + 99 others); Fri, 19 Oct 2018 00:10:02 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:46709 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725139AbeJSEKB (ORCPT ); Fri, 19 Oct 2018 00:10:01 -0400 Received: by mail-lj1-f195.google.com with SMTP id x3-v6so28864227lji.13; Thu, 18 Oct 2018 13:07:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3GUAY5V0x4vuuUuv+vFMbNl2mWcSDPX0oSrtK5r3HXA=; b=THHXDL9l/tPtFZC5B19CL+jnZ8RNHlMC/cp84BW7gyhPLnpwtT36HQyLOHi2XX6fUP V/+pXTQK6x7qx64/STiIFU41OIhXpHONtZY7isKN+mZcHxqFf3rAA6KlV46WyIf7l8Oy VIC1Z3Zo0NCy1G5M/6XHt9vFUh+uVHhrY1fTKzbsuzM5L9EJFkNk2nCPhrhMz4a487Vl jlLt5lpB9W20qgF0cFpjbiSa5iW+lQV3p6+230huYOS41u4dfG29zetH0eTZqrZnkibM WdZAvmw+iHt1qCnH/GbsAtcWvJ2gusA23SP04NUZ6zwVdrbPCZ+CJ2hjkTE0fEQieJeB OJtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3GUAY5V0x4vuuUuv+vFMbNl2mWcSDPX0oSrtK5r3HXA=; b=neG8OV2c9eHCyjbrq8ccKEyZHCfFh6sYy8ymx1etQVZ3Hhbp9mQUykg11Oh0V120ZE oBpCNk44drltiIU0c7OV29JPZTm2Qc9+ngXLVUGEL8DxE8YXoqz9PXpVHmlj7+ps2VKq zl3ID2yn5fX5YZ7mbxJiOUFhVss2oZ/I9XfYHVmz+6mSWtv1iG/vMhRfZyfuej/RAuG7 Pb3Qf/9Zy6l1ndsyCMqrRPZnm1nPc0SC9GdITdwt94h37dUhOiyWc0v9L3/IyJKHhpg6 HPqB8lTea1IVh4B9257YhTcQY8BD6EPSOXtJCZMoEmPyUJxN58d5YhAb3weSbLY35GqR uvbQ== X-Gm-Message-State: ABuFfohl9qprWi0JLs5UcJbfdGgq4NgJ1rd77VyP+5pkO7iwEdAud81W lQOi0KVb2ZOjQHPFciFctnp5bFh0X3TII7oNovtPq6yD X-Received: by 2002:a2e:810e:: with SMTP id d14-v6mr2594232ljg.170.1539893242744; Thu, 18 Oct 2018 13:07:22 -0700 (PDT) MIME-Version: 1.0 References: <20181016111313.GA28307@embeddedor.com> <20181016172107.GA230131@dtor-ws> <26EEA6BC-43B0-42F7-A237-572D32EB2309@gmail.com> <2856297d-9af0-e005-f926-e9596d437fad@embeddedor.com> <20181018204344.4c135203@alans-desktop> In-Reply-To: <20181018204344.4c135203@alans-desktop> From: Dmitry Torokhov Date: Thu, 18 Oct 2018 13:07:10 -0700 Message-ID: Subject: Re: [PATCH] Input: uinput - fix Spectre v1 vulnerability To: One Thousand Gnomes Cc: "Gustavo A. R. Silva" , "linux-input@vger.kernel.org" , lkml Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 18, 2018 at 12:43 PM Alan Cox wrote: > > On Tue, 16 Oct 2018 20:12:43 +0200 > "Gustavo A. R. Silva" wrote: > > > On 10/16/18 8:09 PM, Dmitry Torokhov wrote: > > > > > > > > /dev/uinput > > > > I've got it. This explains it all. :) > > > > > must be 0600, or accessible to equally privileged user, or you'll be opening your system to much mischief. > > Still a correct change. > > CAP_SYS_RAWIO is not the same as being root, especially in a container. Giving access to uinput in an unprivileged container is nutty as well. Thanks. -- Dmitry