[STATUS] on POSIX.6

Darren J Moffat (darren@xarius.demon.co.uk)
Tue, 28 May 1996 13:21:45 +0100 (BST)


On Sun, 26 May 1996, Chris Evans wrote:

> Some time ago there was heated debate over POSIX.6. A few people
> resolved to go away and do some coding towards this. Anyone got any
> patches or preliminary stuff lying around I can take a look at?

I'm hacking hard on this at this very moment, so here is a status report
for those that are interested.

All calls to suser(), fsuser() and checks on current->uid == 0 have been
replaced with a call to priv_has_eff(p) where p is the appropriate
priv required to do the job (actually I'm lying, there are one or two left
to go, but they are in the "less" used filesystems and I'll do them some
time.)

Originally I had #ifdef around all the suser() calls, but it was getting
ugly and the list <linux-privs@mit.edu> consensus was to replace them all
with priv_has_eff(p) - this has the added advantage that even if you
aren't running POSIX.6, looking at the kernel code shows why a particular
code fragment wants to be "root". The file permission checking was a bit
hairy. (I've aimed to keep the code readable rather than being clever; we
can always hand-optimize later if speed is a problem.)

I've also just finished doing the required hacks to execve() so that the
proper privs get passed down (The following is from <linux/priv.h>)

/*
 * Process Privileges
 *
 * Child processes don't necessarily get all the privs of the parent.
 *
 * p(x) is a priv in the parent
 * f(x) is a priv on the filesystem binary we are execing.
 *
 * F - Forced       From the binary in the fs
 * A - Allowed      From the binary in the fs
 * I - Inheritable  What we pass on to children
 * S - Saved        Subset of Permitted
 * P - Permitted    (f(F) u p(I)) n f(A)
 * E - Effective    Subset of Permitted
 *
 * I,S,P,E are held in the task_struct.
 * F,A are held in the filesystem against the file; it only makes
 * sense to put privs on executables.
 * On exec we set I = S = E = P = (f(F) u p(I)) n f(A)
 * On fork we set each to the same as the parent.
 */

The main thing that needs doing now is the {get,set}filepriv functions for
use in the kernel and the userland equivs - this way I can write lspriv
and chpriv and start testing this stuff.

I'll make what I've done by the end of today available on an ftp site
somewhere - but only if it all compiles [not saying anything about works
though :-)].

Note that all of this has been done against 1.3.100; I don't intend to move
the stuff away from 1.3.100 until 2.1.0 comes out.

> Note that I'm *NOT* in any way attempting to start a debate again over
> the do's and don'ts of POSIX.6 and its benefits.

Good, 'cause it is the correct way :-)

--
Darren J Moffat
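Added example (not part of Darren's patch or the linux-privs code): the exec-time priv set computation from the <linux/priv.h> comment above, modelled with bitmasks. The privilege bit names and the parent/binary scenario are hypothetical, constructed only to show how P = (f(F) u p(I)) n f(A) drops a priv the binary does not allow and never grants one the parent could not inherit.

```c
#include <stdint.h>
typedef uint32_t privset_t;

/* Hypothetical privilege bits, constructed for this example only. */
#define PRIV_DAC_OVERRIDE (1u << 0)
#define PRIV_NET_BIND     (1u << 1)
#define PRIV_KILL         (1u << 2)

struct task_privs {          /* I, S, P, E: held in the task_struct */
    privset_t inheritable, saved, permitted, effective;
};

struct file_privs {          /* F, A: held against the executable in the fs */
    privset_t forced, allowed;
};

/* On exec: P = (f(F) u p(I)) n f(A), then I = S = E = P. */
static struct task_privs priv_exec(const struct task_privs *parent,
                                   const struct file_privs *file)
{
    struct task_privs child;
    privset_t p = (file->forced | parent->inheritable) & file->allowed;
    child.inheritable = child.saved = child.effective = child.permitted = p;
    return child;
}

/* The suser() replacement: does the task hold priv p in its effective set? */
static int priv_has_eff(const struct task_privs *t, privset_t p)
{
    return (t->effective & p) == p;
}

/* Invariant from the comment: S and E must be subsets of P. */
static int priv_sets_valid(const struct task_privs *t)
{
    return (t->saved & ~t->permitted) == 0 &&
           (t->effective & ~t->permitted) == 0;
}

/* Constructed scenario: the parent can pass on KILL and NET_BIND; the binary
 * forces NET_BIND and allows only NET_BIND and DAC_OVERRIDE. */
static const struct task_privs *example_child(void)
{
    static const struct task_privs parent = { PRIV_KILL | PRIV_NET_BIND, 0,
                                              PRIV_KILL | PRIV_NET_BIND, PRIV_KILL };
    static const struct file_privs bin = { PRIV_NET_BIND,
                                           PRIV_NET_BIND | PRIV_DAC_OVERRIDE };
    static struct task_privs child;
    child = priv_exec(&parent, &bin);
    return &child;
}
```

The child ends up with only NET_BIND in every set: KILL is dropped because f(A) does not allow it, and DAC_OVERRIDE is not gained because neither f(F) nor p(I) carried it.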