| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1377802153.27493.18.camel@x230> Date: Thu, 29 Aug 2013 18:49:13 +0000 From: Matthew Garrett <matthew.garrett@...ula.com> To: "H. Peter Anvin" <hpa@...or.com> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, "jwboyer@...hat.com" <jwboyer@...hat.com>, "keescook@...omium.org" <keescook@...omium.org> Subject: Re: [PATCH 05/10] asus-wmi: Restrict debugfs interface when module loading is restricted On Thu, 2013-08-29 at 11:46 -0700, H. Peter Anvin wrote: > On 08/29/2013 11:35 AM, Matthew Garrett wrote: > > On Thu, 2013-08-29 at 11:22 -0700, H. Peter Anvin wrote: > >> On 08/19/2013 09:10 AM, Matthew Garrett wrote: > >>> + if (!capable(CAP_COMPROMISE_KERNEL)) > >>> + return -EPERM; > >>> + > >> > >> Stale bits? > > > > Yeah. Did I manage to send out the old copy of that again? I'm sorry, > > spending a few months concentrating on cloud stuff seems to have > > entirely destroyed my ability to deal with git :( > > > > No, you mixed and matched in a single patch... Right, but I'd fixed that in V2 (which I see I *did* send correctly, and you're just replying to the old one :)) > I still believe that CAP_RAWIO should be forbidden in this case. Seems fair. -- Matthew Garrett <matthew.garrett@...ula.com>
Powered by blists - more mailing lists