Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S267785AbUIOXdQ (ORCPT ); Wed, 15 Sep 2004 19:33:16 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S267725AbUIOX3b (ORCPT ); Wed, 15 Sep 2004 19:29:31 -0400 Received: from clock-tower.bc.nu ([81.2.110.250]:61891 "EHLO localhost.localdomain") by vger.kernel.org with ESMTP id S267772AbUIOX0q (ORCPT ); Wed, 15 Sep 2004 19:26:46 -0400 Subject: Re: [PATCH-NEW] allow root to modify raw scsi command permissions list From: Alan Cox To: Peter Jones Cc: Marc Ballarin , Jens Axboe , Linux Kernel Mailing List In-Reply-To: <1095289404.20046.63.camel@localhost.localdomain> References: <1095173470.5728.3.camel@localhost.localdomain> <20040915230813.6eac1d04.Ballarin.Marc@gmx.de> <1095284325.20749.8.camel@localhost.localdomain> <1095289404.20046.63.camel@localhost.localdomain> Content-Type: text/plain Content-Transfer-Encoding: 7bit Message-Id: <1095287003.20754.10.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 (1.4.6-2) Date: Wed, 15 Sep 2004 23:23:25 +0100 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 583 Lines: 15 On Iau, 2004-09-16 at 00:03, Peter Jones wrote: > > You need to check for capable(CAP_SYS_RAWIO) otherwise you elevate > > anyone with access bypass capabilities to CAP_SYS_RAWIO equivalent > > powers. > > Do you mean in the ->store path? Thats the one - otherwise you can add commands without the ability you'd normally have to bypass - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/