Amerigo Wang <[email protected]> writes:

> Eric pointed out that kexec_load() actually allows you to run any code
> you want in ring0; this is more like CAP_SYS_MODULE.
Let me get this straight: you want to make the permission checks less stringent by allowing either CAP_SYS_MODULE or CAP_SYS_BOOT?

CAP_SYS_BOOT is the correct capability. Sure, you can run any code, but only after rebooting. I don't see how this differs from any other reboot scenario.

Eric

> Reported-by: Eric Paris <[email protected]>
> Signed-off-by: WANG Cong <[email protected]>
>
> ---
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index b55045b..c30d613 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -945,7 +945,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, > unsigned long, nr_segments, > int result; > > /* We only trust the superuser with rebooting the system. */ > - if (!capable(CAP_SYS_BOOT)) > + if (!capable(CAP_SYS_BOOT) || !capable(CAP_SYS_MODULE)) > return -EPERM; > > /*

_______________________________________________
kexec mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/kexec
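Review bot: the new condition `!capable(CAP_SYS_BOOT) || !capable(CAP_SYS_MODULE)` returns -EPERM unless the caller holds both capabilities, so the hunk tightens the check rather than accepting either capability: a caller with CAP_SYS_BOOT alone, who passes the unpatched `if (!capable(CAP_SYS_BOOT))`, is now refused. If "either" is intended, the condition has to be `if (!capable(CAP_SYS_BOOT) && !capable(CAP_SYS_MODULE))`; if requiring both is intended, the commit message should say so explicitly, and in either case the comment left unchanged above the check (`/* We only trust the superuser with rebooting the system. */`) no longer describes the rule being enforced and should be updated with it.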
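To make the "either or both" question concrete, here is an added example (it is neither part of this thread nor code from kernel/kexec.c) that models the kexec_load permission check against an effective-capability bitmask and compares the unpatched condition, the patch's condition, and the condition that would actually accept either capability. It also parses the mask out of a /proc/<pid>/status "CapEff:" line so the same comparison can be run on a real process. The function names and the sample status line are this example's own; the capability bit numbers (CAP_SYS_MODULE = 16, CAP_SYS_BOOT = 22) are the kernel's.

```c
/*
 * Added example, not part of the kexec thread or of kernel/kexec.c: models
 * the kexec_load permission check against an effective-capability mask so
 * the three candidate conditions can be compared, and parses such a mask
 * out of a /proc/<pid>/status "CapEff:" line so the comparison can be run
 * on a real process. Function names are this example's own; the capability
 * bit numbers are the ones from include/uapi/linux/capability.h.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_MODULE 16
#define CAP_SYS_BOOT   22

/* Sentinel returned by parse_capeff() for a line that is not a CapEff line. */
#define CAP_MASK_INVALID UINT64_MAX

/* Stand-in for the kernel's capable(): is bit `cap` set in the effective set? */
static int has_cap(uint64_t caps, int cap)
{
    return (int)((caps >> cap) & 1ULL);
}

/* Unpatched check: CAP_SYS_BOOT alone decides. 1 = permitted, 0 = -EPERM. */
static int kexec_allowed_orig(uint64_t caps)
{
    return has_cap(caps, CAP_SYS_BOOT);
}

/* The condition as written in the patch:
 *   if (!capable(CAP_SYS_BOOT) || !capable(CAP_SYS_MODULE)) return -EPERM;
 * Denies unless BOTH bits are set. */
static int kexec_allowed_patch(uint64_t caps)
{
    if (!has_cap(caps, CAP_SYS_BOOT) || !has_cap(caps, CAP_SYS_MODULE))
        return 0;
    return 1;
}

/* The condition that would accept EITHER capability. */
static int kexec_allowed_either(uint64_t caps)
{
    if (!has_cap(caps, CAP_SYS_BOOT) && !has_cap(caps, CAP_SYS_MODULE))
        return 0;
    return 1;
}

/* Parse the hex mask from a line such as "CapEff:\t0000000000400000\n".
 * Returns CAP_MASK_INVALID if the line is not a well-formed CapEff line. */
static uint64_t parse_capeff(const char *line)
{
    const char *p;
    char *end;
    uint64_t mask;

    if (strncmp(line, "CapEff:", 7) != 0)
        return CAP_MASK_INVALID;
    p = line + 7;
    while (*p == ' ' || *p == '\t')
        p++;
    mask = strtoull(p, &end, 16);
    if (end == p)
        return CAP_MASK_INVALID;
    return mask;
}

/* Effective capability set of the calling process, or CAP_MASK_INVALID. */
static uint64_t read_own_capeff(void)
{
    char line[256];
    uint64_t mask = CAP_MASK_INVALID;
    FILE *f = fopen("/proc/self/status", "r");

    if (!f)
        return CAP_MASK_INVALID;
    while (fgets(line, sizeof line, f)) {
        mask = parse_capeff(line);
        if (mask != CAP_MASK_INVALID)
            break;
    }
    fclose(f);
    return mask;
}

static void report(const char *who, uint64_t caps)
{
    printf("%s: CapEff=%#018llx orig=%d patch=%d either=%d\n", who,
           (unsigned long long)caps, kexec_allowed_orig(caps),
           kexec_allowed_patch(caps), kexec_allowed_either(caps));
}

int main(void)
{
    /* Constructed sample line: a process holding CAP_SYS_BOOT (bit 22) only. */
    uint64_t sample = parse_capeff("CapEff:\t0000000000400000\n");
    uint64_t own = read_own_capeff();

    if (sample != CAP_MASK_INVALID)
        report("sample (CAP_SYS_BOOT only)", sample);
    if (own != CAP_MASK_INVALID)
        report("this process", own);
    return 0;
}
```

For the constructed CAP_SYS_BOOT-only sample the three checks answer orig=1, patch=0, either=1, which is the whole disagreement in the thread in one line: the `||` form in the patch refuses a caller that the existing check accepts, whereas the `&&` form is the one that widens the check to CAP_SYS_MODULE holders. Run as root, or as any process with a reduced capability bounding set, the second line shows which of the three rules would admit that process.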
