Hey, Alan. On Fri, Nov 02, 2012 at 05:21:45PM +0000, Alan Cox wrote: > That also means that a normal app running as superuser for some reason > would set its user filter and any accidentally inherited descriptors will > be less dangerous as the are today. It also means a CAP_SYS_RAWIO capable > app can still use filters itself as good programming practise. > > It effectively means you have to deliberately and intentionally set up an > 'inherited' extra rights case.
The last part, I agree, but in general I think what you're describing is way too elaborate for the problem at hand. It's like adding arbitrary range-filter for /dev/sdX which can be overridden by userland. You sure can find use case for such thing if you try hard enough, but it's way over-engineered nonetheless. I don't think we're addressing huge range and number of use cases here and would much prefer to keep it as simple as possible. * Devices are given standard filter matching the device class. Any !CAP_SYS_RAWIO user can only issue commands allowed by the filter. * CAP_SYS_RAWIO can issue an ioctl to disable the filter all accessors of the fd and transfer it. That should be enough, no? Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/