Home » Mailing list archives » linux-kernel » 2007 » June » 28

Re: implement-file-posix-capabilities.patch

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Andrew Morgan
Subject: Re: implement-file-posix-capabilities.patch
Date: Wednesday, June 27, 2007 - 11:19 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Serge E. Hallyn wrote:

[We touched on this a number of emails back.]

If an application is capability aware, it can manipulate its own
capabilities and should have fE=0.

If an application is not capability aware, it needs to have *all* of its
capabilities enabled at exec() time. Otherwise, it won't work.

The only reason for having an fE bitmap is to allow a capability-aware
program (you really trust to do its privileged operations carefully) to
be lazy and get some of its capabilities raised for free. Perhaps you
can clarify why this is a desirable thing? :-)

Cheers

Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFGg1LqQheEq9QabfIRAo3BAKCO8QrfcKBNqhfnn2BHp8O/qDkgXgCgleEl
xP7LZPU9Qn6AjqI3ZM3FZ+4=
=urmz
-----END PGP SIGNATURE-----
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Re: implement-file-posix-capabilities.patch, Serge E. Hallyn, (Thu Jun 21, 9:00 am)
Re: implement-file-posix-capabilities.patch, Andrew Morgan, (Sat Jun 23, 1:13 am)
Re: implement-file-posix-capabilities.patch, Serge E. Hallyn, (Sun Jun 24, 8:51 am)
Re: implement-file-posix-capabilities.patch, James Morris, (Sun Jun 24, 9:18 am)
[PATCH][RFC] security: Convert LSM into a static interface, James Morris, (Sun Jun 24, 1:58 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Chris Wright, (Sun Jun 24, 3:09 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, James Morris, (Sun Jun 24, 3:37 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Casey Schaufler, (Sun Jun 24, 4:40 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Chris Wright, (Sun Jun 24, 6:38 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Chris Wright, (Sun Jun 24, 6:39 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Casey Schaufler, (Sun Jun 24, 8:37 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Chris Wright, (Sun Jun 24, 8:57 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Serge E. Hallyn, (Sun Jun 24, 8:57 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Chris Wright, (Sun Jun 24, 9:10 pm)
[PATCH try #2] security: Convert LSM into a static interface, James Morris, (Sun Jun 24, 9:33 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Petr Vandrovec, (Sun Jun 24, 9:48 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Serge E. Hallyn, (Sun Jun 24, 9:54 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., James Morris, (Sun Jun 24, 9:58 pm)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Casey Schaufler, (Mon Jun 25, 6:02 am)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Casey Schaufler, (Mon Jun 25, 6:50 am)
Re: [PATCH][RFC] security: Convert LSM into a static interface, James Morris, (Mon Jun 25, 6:54 am)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Roberto De Ioris, (Mon Jun 25, 7:24 am)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Serge E. Hallyn, (Mon Jun 25, 7:32 am)
Re: [PATCH][RFC] security: Convert LSM into a static interface, Casey Schaufler, (Mon Jun 25, 8:08 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Stephen Smalley, (Mon Jun 25, 9:59 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Andreas Gruenbacher, (Mon Jun 25, 1:37 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., James Morris, (Mon Jun 25, 2:14 pm)
[PATCH try #3] security: Convert LSM into a static interface, James Morris, (Mon Jun 25, 4:56 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Serge E. Hallyn, (Mon Jun 25, 8:57 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Kyle Moffett, (Mon Jun 25, 9:09 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Kyle Moffett, (Mon Jun 25, 9:25 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Adrian Bunk, (Tue Jun 26, 6:15 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Serge E. Hallyn, (Tue Jun 26, 6:47 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Serge E. Hallyn, (Tue Jun 26, 7:06 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Adrian Bunk, (Tue Jun 26, 7:59 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Serge E. Hallyn, (Tue Jun 26, 8:53 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Greg KH, (Tue Jun 26, 11:18 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Serge E. Hallyn, (Tue Jun 26, 11:40 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Adrian Bunk, (Tue Jun 26, 11:52 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Kyle Moffett, (Tue Jun 26, 5:07 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Crispin Cowan, (Tue Jun 26, 5:57 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Kyle Moffett, (Tue Jun 26, 6:22 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Chris Wright, (Tue Jun 26, 9:24 pm)
Re: implement-file-posix-capabilities.patch, Andrew Morgan, (Tue Jun 26, 10:00 pm)
Re: implement-file-posix-capabilities.patch, Serge E. Hallyn, (Wed Jun 27, 6:16 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Serge E. Hallyn, (Wed Jun 27, 6:41 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., James Morris, (Wed Jun 27, 7:36 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Serge E. Hallyn, (Wed Jun 27, 10:21 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Serge E. Hallyn, (Wed Jun 27, 11:51 am)
Re: [PATCH try #2] security: Convert LSM into a static int ..., James Morris, (Wed Jun 27, 12:28 pm)
Re: [PATCH try #2] security: Convert LSM into a static int ..., Serge E. Hallyn, (Wed Jun 27, 7:48 pm)
Re: implement-file-posix-capabilities.patch, Andrew Morgan, (Wed Jun 27, 11:19 pm)
Re: implement-file-posix-capabilities.patch, Serge E. Hallyn, (Thu Jun 28, 6:36 am)
Re: implement-file-posix-capabilities.patch, Casey Schaufler, (Thu Jun 28, 8:14 am)
Re: implement-file-posix-capabilities.patch, Serge E. Hallyn, (Thu Jun 28, 8:38 am)
Re: implement-file-posix-capabilities.patch, Andrew Morgan, (Thu Jun 28, 8:50 am)
Re: implement-file-posix-capabilities.patch, Casey Schaufler, (Thu Jun 28, 8:56 am)
Re: implement-file-posix-capabilities.patch, Andrew Morgan, (Thu Jun 28, 10:30 pm)
Re: implement-file-posix-capabilities.patch, Serge E. Hallyn, (Fri Jun 29, 6:24 am)
Re: implement-file-posix-capabilities.patch, Casey Schaufler, (Fri Jun 29, 7:46 am)
Re: implement-file-posix-capabilities.patch, Serge E. Hallyn, (Mon Jul 2, 7:38 am)
Re: implement-file-posix-capabilities.patch, Andrew Morgan, (Wed Jul 4, 2:29 pm)
Re: implement-file-posix-capabilities.patch, Casey Schaufler, (Wed Jul 4, 4:00 pm)