On Tue, 2013-02-12 at 16:48 -0800, H. Peter Anvin wrote:

> OK... what none of this gets into:
> 
> Why should CAP_RAWIO be allowed on a secure boot system, when there are
> 2^n known ways of compromise a system with CAP_RAWIO?

CAP_SYS_RAWIO seems to have ended up being a catchall of "Maybe someone
who isn't entirely root should be able to do this", and not everything
it covers is equivalent to being able to compromise the running kernel.
I wouldn't argue with the idea that maybe we should just reappraise most
of the current uses of CAP_SYS_RAWIO, but removing capability checks
from places that currently have them seems like an invitation for
userspace breakage.
ÿôèº{.nÇ+‰·Ÿ®‰­†+%ŠËÿ±éÝ¶¥Šwÿº{.nÇ+‰·¥Š{±þG«éÿŠ{ayºÊ‡Ú™ë,j­¢f£¢·hšïêÿ‘êçz_è®(­éšŽŠÝ¢j"ú¶m§ÿÿ¾«þG«éÿ¢¸?™¨è­Ú&£ø§~á¶iO•æ¬z·švØ^¶m§ÿÿÃÿ¶ìÿ¢¸?–I¥