Re: [PATCH] capabilities: Ambient capability set V1
From: Andy Lutomirski
Date: Thu Feb 26 2015 - 14:38:28 EST
On Thu, Feb 26, 2015 at 11:32 AM, Serge E. Hallyn <serge@xxxxxxxxxx> wrote:
> On Thu, Feb 26, 2015 at 12:28:30PM -0600, Christoph Lameter wrote:
>> On Thu, 26 Feb 2015, Serge E. Hallyn wrote:
>>
>> > > Well doing that breaks su.
>> >
>> > Don't what exactly? You're saying that doing
>> >
>> > pI' = pI
>> > pA' = pA (pA is ambient)
>> > pP' = (X & fP) | (pI & (fI | pA))
>> > pE' = pP' & (fE | pA)
>> >
>> > stopped su from having CAP_SETGID while
>> >
>> > pI' = pI
>> > pA' = pA (pA is ambient)
>> > pP' = (X & fP) | (pI & (fI | pA))
>> > pE' = pP' & fE
>> >
>> > worked? I'll hope you're saying both "fail", in which case
>>
>> fE does not exist in cpu_vfs_cap_data. We only get fI and fP. Why in the
>> world does setcap allow setting fE?
>
> It sets a bit in the magic_etc. So fE is either all on or all off.
>
>> V1 does not use fE. In my newer attempt, I seemed to have worked
>> with zeroed field that I assumed was filled in.
>>
>> I will just do
>>
>> pE' = pP'
>>
>> Ok?
>
> Andrew Morgan was against that. What if we changed
>
> pE' = pP' & (fE | pA)
>
> to
>
> if (pA)
> pE' = pP' & fE
> else
> pE' = pP'
>
Is this backwards?
Also, on further bikeshedding consideration, I think I like the name
"persistent" much better than "ambient". Alas, "persistent" starts
with a P.
--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/