On Thu, 2006-10-19 at 16:57 -0400, Post, Mark K wrote: > What are the permissions on /dev/vmcp?
Even if you set the permission of /dev/vmcp to allow normal users to access the device, it won't allow the user to execute cp commands. There is an additional CAP_SYS_ADMIN check in the vmcp_open function. The reason is that a user that can execute cp commands owns the machine, with strategically placed vmcp "STORE <addr> <data>" calls you change any code in the kernel. So you better make sure that nobody who is not trusted can get control to issue arbitrary cp commands. That is especially true if you use vmpc in a web interface. It sounds like a very dangerous thing to do. -- blue skies, Martin. Martin Schwidefsky Linux for zSeries Development & Services IBM Deutschland Entwicklung GmbH "Reality continues to ruin my life." - Calvin. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
