From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Paris Subject: Re: [PATCH 1/4] CAPABILITIES: add cpu endian vfs caps structure Date: Tue, 21 Oct 2008 09:22:17 -0400 Message-ID: <1224595337.3189.196.camel@paris-laptop> References: <20081020222538.3895.50175.stgit@paris.rdu.redhat.com> <20081020222602.3895.77302.stgit@paris.rdu.redhat.com> <48FD6DA1.5030402@kernel.org> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <48FD6DA1.5030402@kernel.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: "Andrew G. Morgan" Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.ok.redhat.com List-Id: linux-audit@redhat.com On Mon, 2008-10-20 at 22:50 -0700, Andrew G. Morgan wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Eric Paris wrote: > > This patch add a generic cpu endian caps structure and enternally available > > functions which retrieve fcaps information from disk. This information is > > necessary so fcaps information can be collected and recorded by the audit > > system. > > > [...] > > CAP_FOR_EACH_U32(i) { > > - __u32 value_cpu; > > - > > - if (i >= tocopy) { > > - /* > > - * Legacy capability sets have no upper bits > > - */ > > - bprm->cap_post_exec_permitted.cap[i] = 0; > > + if (i > tocopy) { > > Shouldn't the above still be (i >= tocopy) ? just replaced this with if (i >= tocopy) break; I'm already zero'ing out the cap data at the beginning so there isn't really a need for me to zero the upper bits if they aren't set. -Eric