Tom Herbert <t...@quantonium.net> writes: > +#ifdef CONFIG_MODULES > + if (!ulp && capable(CAP_NET_ADMIN)) { > + rcu_read_unlock(); > + request_module("%s", name); > + rcu_read_lock(); > + ulp = ulp_find(name); > + } > +#endif
It looks to me that this allows users with only CAP_NET_ADMIN privileges to load every module?