Also, I ran a poll a few weeks ago asking how folks would like me to do vulnerability disclosures and the winner was Twitter shitposting.
If you did a capability check in sysrq-trigger, the kernel API would lose this flexibility.
If that's the contract then maybe remove unnecessary code checking capabilities for all other proc files?
I think there is some granularity. For example, one could argue both ways for CAP_RAWIO checks in procfs.
Yes, users in Docker can also chmod most files in proc currently, too :(
My point is that not having capability checks on files on procfs (unless those files directly lead to root-equivalent access) is useful.