David Miller wrote:
From: "Michael Chan" <[EMAIL PROTECTED]>
Date: Thu, 28 Sep 2006 13:17:04 -0700
I'm against letting normal users do ETHTOOL_GREGS and ETHTOOL_PHYS_ID.
Dumping 64K worth of registers and blinking the LEDs should be
restricted. But I have no problem doing these checks in the driver if
necessary.
Ok I removed PHYS_ID and GREGS from the allowed list.
Any others?
GWOL now spits out a password for all users -> security risk. Ditto
GEEPROM. GSET has been known to cause hangs if done in a tight loop, on
some 10/100 cards, which is now permitted by any user. At the very
least, it should be rate-limited.
I wasn't just being obstinate, when requesting an audit.
Jeff
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html