[Patch] kexec_load: check CAP_SYS_MODULE
Eric W. Biederman
ebiederm at xmission.com
Thu Jan 6 03:47:00 EST 2011
Amerigo Wang <amwang at redhat.com> writes:
> Eric pointed out that kexec_load() actually allows you to
> run any code you want in ring0, this is more like CAP_SYS_MODULE.
Let me get this straight you want to make the permission checks
less stringent by allowing either CAP_SYS_MODULE or CAP_SYS_BOOT?
CAP_SYS_BOOT is the correct capability. Sure you can run any
code but only after rebooting. I don't see how this differs
from any other reboot scenario.
Eric
> Reported-by: Eric Paris <eparis at redhat.com>
> Signed-off-by: WANG Cong <amwang at redhat.com>
>
> ---
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index b55045b..c30d613 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -945,7 +945,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
> int result;
>
> /* We only trust the superuser with rebooting the system. */
> - if (!capable(CAP_SYS_BOOT))
> + if (!capable(CAP_SYS_BOOT) || !capable(CAP_SYS_MODULE))
> return -EPERM;
>
> /*
More information about the kexec
mailing list