From: Nicholas Miell <nmiell@comcast.net>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
"Serge E. Hallyn" <serue@us.ibm.com>,
lkml <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org, chrisw@sous-sol.org
Subject: Re: [RFC] [PATCH] file posix capabilities
Date: Tue, 15 Aug 2006 12:31:02 -0700 [thread overview]
Message-ID: <1155670262.2432.4.camel@entropy> (raw)
In-Reply-To: <20060815122026.GA7422@vino.hallyn.com>
On Tue, 2006-08-15 at 07:20 -0500, Serge E. Hallyn wrote:
> Quoting Serge E. Hallyn (serge@hallyn.com):
> > > Make it an arbitrary length bitfield with a defined byte order (little
> > > endian, probably). Bits at offsets greater than the length of the
> > > bitfield are defined to be zero. If the kernel encounters a set bit that
> > > it doesn't recognizes, fail with EPERM. If userspace attempts to set a
> > > bit that the kernel doesn't recognize, fail with EINVAL.
> > >
> > > It's extensible (as new capability bits are added, the length of the
> > > bitfield grows), backward compatible (as long as there are no unknown
> > > bits set, it'll still work) and secure (if an unknown bit is set, the
> > > kernel fails immediately, so there's no chance of a "secure" app running
> > > with less privileges than it expects and opening up a security hole).
> >
> > Sounds good.
> >
> > The version number will imply the bitfield length, or do we feel warm
> > fuzzies if the length is redundantly encoded in the structure?
>
> nm, 'encoded in the structure' clearly is silly.
>
There isn't really a version number, just recognized and unrecognized
capability bits. If you wanted, you could use a single byte to give a
binary CAP_DAC_OVERRIDE, with capability bits 8-30 being "stored" in
not-present bytes and therefore assumed to be zero.
--
Nicholas Miell <nmiell@comcast.net>
next prev parent reply other threads:[~2006-08-15 19:31 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-30 1:13 [RFC] [PATCH] file posix capabilities Serge E. Hallyn
2006-08-14 22:06 ` Serge E. Hallyn
2006-08-15 0:20 ` Eric W. Biederman
2006-08-15 2:06 ` Serge E. Hallyn
2006-08-15 3:29 ` Eric W. Biederman
2006-08-15 4:22 ` Nicholas Miell
2006-08-15 11:49 ` Serge E. Hallyn
2006-08-15 12:20 ` Serge E. Hallyn
2006-08-15 19:31 ` Nicholas Miell [this message]
2006-08-15 19:41 ` Serge E. Hallyn
2006-08-15 16:18 ` Stephen Smalley
2006-08-15 16:36 ` Casey Schaufler
2006-08-16 2:42 ` Serge E. Hallyn
2006-08-16 13:20 ` Stephen Smalley
2006-08-17 12:00 ` Joshua Brindle
2006-08-17 12:28 ` Stephen Smalley
2006-08-21 20:36 ` Serge E. Hallyn
2006-08-28 21:39 ` Serge E. Hallyn
2006-08-29 18:37 ` Seth Arnold
2006-08-29 19:58 ` Serge E. Hallyn
2006-08-19 2:02 ` Crispin Cowan
2006-08-19 17:08 ` Casey Schaufler
2006-08-22 2:50 ` Serge E. Hallyn
2006-08-22 3:19 ` Seth Arnold
2006-08-19 2:02 ` Crispin Cowan
[not found] ` <44E1153D.9000102@ak.jp.nec.com>
[not found] ` <20060815021612.GC16220@sergelap.austin.ibm.com>
2006-08-15 3:48 ` KaiGai Kohei
2006-08-15 12:04 ` Serge E. Hallyn
2006-08-15 16:02 ` Casey Schaufler
2006-08-16 2:25 ` Serge E. Hallyn
-- strict thread matches above, loose matches on Subject: below --
2006-08-16 2:43 Albert Cahalan
2006-08-16 3:23 ` Serge E. Hallyn
2006-08-16 3:44 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1155670262.2432.4.camel@entropy \
--to=nmiell@comcast.net \
--cc=chrisw@sous-sol.org \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox