lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1182847813.3830.1.camel@johannes.berg>
Date:	Tue, 26 Jun 2007 10:50:13 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	hadi@...erus.ca
Cc:	Zhang Rui <rui.zhang@...el.com>, netdev@...r.kernel.org,
	lenb@...nel.org, Thomas Graf <tgraf@...g.ch>
Subject: Re: Fwd: [PATCH] [-mm] ACPI: export ACPI events via netlink

On Mon, 2007-06-25 at 13:08 -0400, jamal wrote:

> > Why do you think that would be hard? It'd basically just mean replacing
> > the netlink_capable(sock, NL_NONROOT_RECV) calls with a call that
> > actually tests depending on the group(s) it wants.
> 
> I think it could be done. You will need to have root maybe initially set
> such permissions etc - but it may be overkill.

I think we pretty much know in the kernel whether we want to require
CAP_NET_ADMIN or not, let's punt the rest to userspace.

> > Yeah, sounds reasonable, you could ask the controller for which groups
> > are attached to a family and then get the IDs for those groups by name.
> 
> Yes, we would need a newer api to do it right. But it could be done if
> you register for multi groups.

I've just replied somewhere else in this thread with a patch, I haven't
actually tested that patch yet though. Once the generic netlink
multicast is figured out we can start attacking the permissions issue.

johannes

Download attachment "signature.asc" of type "application/pgp-signature" (191 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ