Hello!
> > It means that test for CAP_SYS_MODULE is illegal, moving pure policy
> > issue to improper place.
>
> Definitely not so
>
> What matters is whether the user is requesting a module or the kernel is
> choosing to load a module. In the former case where the user can influence the
> module name then you need to check CAP_SYS_MODULE in the latter you do not
> care.
Alan, I honestly peered to this paragraph of text for 10 minutes. 8)8)
It is funny, but I managed to compile it only as:
"dev_load(i.e. you) need not take of care of this".
I.e. exactly the thing which I said. 8)
Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
