On Wed, Oct 15, 2014 at 05:11:47AM +0400, ds wrote: > Anyway, there is another part, reading the msr and cpuid. For that, > it seems to be really beneficial, to make it available to everyone. > So the process which needs it, can only live with limited > CAP_SYS_RAWIO powers.
CAP_SYS_RAWIO is somewhat scary on its own, of course, because it's used in all kinds of places. Here's a pretty good summary: https://lwn.net/Articles/542327/ > It seem to me, that the root rights are there only because the > capability system was introduced only a couple of years ago, I think the more clearly-limited capabilities have slightly better take-up in userspace than the very diffuse ones, although even then there tend to be obstacles such as not quite all filesystems supporting them, so in practice everyone ends up having to cope with both methods of escalating privileges anyway. -- Colin Watson [cjwat...@ubuntu.com] -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
