Re: [patch 2.1.97] more capabilities support

Andrew Morgan (morgan@transmeta.com)
Sun, 19 Apr 1998 13:39:01 -0700


Albert D. Cahalan writes:
> I think you forgot one type of capability. DG-UX has four of them.
> http://www.dg.com/products/html/dso_information_security.html
> http://www.dg.com/products/html/dg_ux_b2_security_option.html

> * a Bounding Set that serves as a fail-safe mechanism to ensure users
> cannot acquire more privilege beyond what they have been authorized

This set was dropped by POSIX as superfluous. Capabilities were
regrouped into threes. Three sets for files and three sets for
processes.

The shorthand for these in the notes is: p{E,I,P} and f{E,I,P}.

As Astor has pointed out, the fE "set" is one bit long and is provided
solely for "backwards" compatibility reasons. Namely, to provide a
way for "former" setuid-root programs to automatically raise their
Permitted capabilities when they are exec()d.

Astor likes to refer to the file's Inheritable (fI) set as the
"Allowed" set, and the file's Permitted (fP) set as the "Forced" set.
There is some human value to this and to that extent, I agree with his
preferred use of words.

However, the benefit of labeling them as p{E,I,P} and f{E,I,P} is that
the API is a good deal smaller as a result = easier to verify.

Cheers

Andrew

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
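
The exec-time rule behind the three process sets p{E,I,P} and three file sets f{E,I,P} that the message refers to, worked through as an added example. This code is not part of the original message or of the 2.1.97 patch under discussion. It assumes the POSIX.1e draft rule as later documented in capabilities(7): new pP = (pI & fI) | fP, new pE = new pP if the single fE bit is set and empty otherwise, pI unchanged. The DG/UX bounding set is left out, as the message says POSIX dropped it. Capability numbers follow <linux/capability.h> but are redefined here so the file stands alone; the caller process and the two file profiles are constructed for the demonstration.

```c
/* Added example, not code from the original message or the kernel patch.
 * Models the POSIX.1e capability transformation on exec() with the three
 * process sets p{E,I,P} and three file sets f{E,I,P}. Assumption: the rule
 * is the POSIX.1e draft rule later documented in capabilities(7); the
 * bounding set is omitted because the message says POSIX dropped it.
 * Capability numbers are redefined from <linux/capability.h> so this
 * file compiles on its own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t capset_t;                 /* one bit per capability (32 caps in 1998) */
#define CAP(n) ((capset_t)1u << (n))

/* Two capability numbers from <linux/capability.h>, used in the demonstration. */
#define CAP_NET_BIND_SERVICE 10
#define CAP_NET_RAW          13
#define CAP_FULL_SET         0xffffffffu

struct proc_caps { capset_t effective, inheritable, permitted; };       /* p{E,I,P} */
struct file_caps { bool effective; capset_t inheritable, permitted; };  /* f{E,I,P}; fE is one bit */

/* Post-exec process sets computed from the pre-exec process and the file. */
struct proc_caps exec_caps(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n;
    /* fI ("Allowed") gates what the caller's inheritable set may pass on;
     * fP ("Forced") is granted unconditionally. */
    n.permitted   = (p.inheritable & f.inheritable) | f.permitted;
    /* fE is a single bit: set, and everything permitted becomes effective at
     * exec (the former-setuid-root case); clear, and the program starts with
     * no effective caps and must raise them itself. */
    n.effective   = f.effective ? n.permitted : 0;
    /* The inheritable set passes through exec unchanged. */
    n.inheritable = p.inheritable;
    return n;
}

/* Constructed file profile: a "former" setuid-root binary, full fP plus fE. */
struct file_caps former_setuid_root(void)
{
    struct file_caps f = { .effective = true, .inheritable = 0, .permitted = CAP_FULL_SET };
    return f;
}

/* Constructed file profile: a capability-aware daemon. No forced caps, two
 * allowed to be inherited, fE clear so it raises caps itself when needed. */
struct file_caps capability_aware_daemon(void)
{
    struct file_caps f = { .effective = false,
                           .inheritable = CAP(CAP_NET_BIND_SERVICE) | CAP(CAP_NET_RAW),
                           .permitted = 0 };
    return f;
}

/* Constructed caller: unprivileged process whose pI carries only CAP_NET_BIND_SERVICE. */
struct proc_caps sample_caller(void)
{
    struct proc_caps p = { .effective = 0, .inheritable = CAP(CAP_NET_BIND_SERVICE), .permitted = 0 };
    return p;
}

static void show(const char *label, struct proc_caps c)
{
    printf("%-26s pE=%08x pI=%08x pP=%08x\n", label, c.effective, c.inheritable, c.permitted);
}

int main(void)
{
    show("caller", sample_caller());
    show("after exec: setuid-root", exec_caps(sample_caller(), former_setuid_root()));
    show("after exec: daemon", exec_caps(sample_caller(), capability_aware_daemon()));
    return 0;
}
```

Running it shows the two behaviours the message contrasts: the setuid-root emulation ends up with every capability both permitted and effective regardless of the caller, while the daemon gets only CAP_NET_BIND_SERVICE permitted (CAP_NET_RAW is allowed by fI but absent from the caller's pI, so it is dropped) and nothing effective until it asks for it.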