Re: [PATCH 1/1] security: introduce file posix caps

From: Serge E. Hallyn
Date: Wed Nov 08 2006 - 00:32:49 EST

Next message: Amol Lad: "Re: [PATCH] drivers/scsi/mca_53c9x.c : save_flags()/cli() removal"
Previous message: David Miller: "Re: DMA APIs gumble grumble"
Next in thread: Chris Friedhoff: "Re: [PATCH 1/1] security: introduce file posix caps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Seth Arnold (seth.arnold@xxxxxxx):
> On Mon, Nov 06, 2006 at 09:45:50PM -0600, Serge E. Hallyn wrote:
> > #define CAP_AUDIT_CONTROL 30
> >
> > +#define CAP_NUMCAPS 31
>
> [...]
>
> > +struct vfs_cap_data_struct {
> > + __u32 version;
> > + __u32 effective;
> > + __u32 permitted;
> > + __u32 inheritable;
> > +};
>
> [...]
>
> > +static int check_cap_sanity(struct vfs_cap_data_struct *cap)
> > +{
> > + int i;
> > +
> > + if (cap->version != _LINUX_CAPABILITY_VERSION)
> > + return -EPERM;
> > +
> > + for (i=CAP_NUMCAPS; i<sizeof(cap->effective); i++) {
> > + if (cap->effective & CAP_TO_MASK(i))
> > + return -EPERM;
> > + }
> > + for (i=CAP_NUMCAPS; i<sizeof(cap->permitted); i++) {
> > + if (cap->permitted & CAP_TO_MASK(i))
> > + return -EPERM;
> > + }
> > + for (i=CAP_NUMCAPS; i<sizeof(cap->inheritable); i++) {
> > + if (cap->inheritable & CAP_TO_MASK(i))
> > + return -EPERM;
> > + }
> > +
> > + return 0;
> > +}
>
> for (i=31; i<4; i++) ...
>
> I'm not sure this checks what you think it checks? :)

Thanks again for catching this. Here is the obvious patch. Hopefully
I have it right this time.

Next message: Amol Lad: "Re: [PATCH] drivers/scsi/mca_53c9x.c : save_flags()/cli() removal"
Previous message: David Miller: "Re: DMA APIs gumble grumble"
Next in thread: Chris Friedhoff: "Re: [PATCH 1/1] security: introduce file posix caps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]