This workaround is nice, but it's still a kernel vuln. The /proc/scsi/scsi should require CAP_SYS_ADMIN! https://twitter.com/justincormack/status/926467677245378560 …
my point is that not having capability checks on files on procfs (unless those files directly lead to root-equivalent access) is useful
This specific proc file makes sense to have a CAP_SYS_ADMIN restriction IMHO; however, I don't really care anymore.

The capability model was such an afterthought, plus no procfs namespace. It's a mess. I want a new microkernel for TCB bootstrap Linux ABI.