>The above saved set probably solves one of my worries with the
>capabilities implementation I did for the 2.2. kernel. Do you know
>what specific OSes support it? Is there any user-visible API that
>allows changes to the saved set?
>
Trusted Solaris and SecureWare implementations include this.
The saved set is a process privilege, and of the process privileges
only the inheritable and effective can be raised and dropped (depending on
whats in the permitted set). The permitted set can have privileges in it
dropped but not re-raised. And yes you are correct that the saved set
cannot be modified by an API, except in the fact that changing effective
UID changes it (to the empty set).
John
-- John Wojtowicz, Secure Systems Engr. ph: (703) 318-7134 Trusted Computer Solutions, Inc. fax: (703) 318-5041 13873 Park Center Rd. Suite 225 email: jwojtowicz@tcs-sec.com Herndon, VA 20171 http://www.tcs-sec.com/
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/