Re: Capabilities

From: Andreas Gruenbacher (a.gruenbacher@bestbits.at)
Date: Tue Feb 22 2000 - 12:51:10 EST


Linda Walsh wrote:
>
> Paul Jakma wrote:
> >
> > On Tue, 22 Feb 2000, Linda Walsh wrote:
> >
> > > Just a data point, but when I have trusted IRIX installed,
> > > there is no booting up in non-trusted mode. Capabilities are in
> > > effect even in single-user.

Strange...

I found this in the Irix B1 sources at <http://oss.sgi.com/projects/ob1>.
The cap_enabled global variable has one of the values CAP_SYS_SUPERUSER,
CAP_SYS_NO_SUPERUSER, CAP_SYS_DISABLED.

src/cap/kern/capability.c
-------------------------
[] /*
[] * Make the default be augmented superuser.
[] */
[] void
[] cap_init()
[] {
[] cap_enabled = CAP_SYS_SUPERUSER;
[] }
[]
[] [...]
[]
[] int
[] cap_style(int new)
[] {
[]
[] #ifdef DEBUG
[] if (cap_enabled == CAP_SYS_SUPERUSER)
[] cmn_err(CE_NOTE,"Superuser and capabilities provide privilege");
[] else if (cap_enabled == CAP_SYS_NO_SUPERUSER)
[] cmn_err(CE_NOTE,"Capabilities alone provide privilege");
[] else if (cap_enabled == CAP_SYS_DISABLED)
[] cmn_err(CE_NOTE,"Superuser alone provides privilege");
[] #endif /* DEBUG */
[]
[] if (!_CAP_ABLE(CAP_SYSINFO_MGT))
[] return (EPERM);
[] [...]
[] cap_enabled = new;
[] return (0);
[] }

Regards,
Andreas

------------------------------------------------------------------------
 Andreas Gruenbacher, a.gruenbacher@computer.org
 Contact information: http://www.bestbits.at/~agruenba

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
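Added example, not part of the original message and not IRIX code: a small C model of the three `cap_enabled` modes quoted above, with the privilege decision in each mode read off the three `cmn_err()` messages, and a mode switch guarded the way `cap_style()` is. The enum values, the `MODEL_CAP_SYSINFO_MGT` bit, `struct cred`, the `model_*` functions and the range check on the new mode are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed values: the message names these three modes but not their numbers. */
enum cap_mode { CAP_SYS_SUPERUSER, CAP_SYS_NO_SUPERUSER, CAP_SYS_DISABLED };

/* Hypothetical capability bit standing in for CAP_SYSINFO_MGT. */
#define MODEL_CAP_SYSINFO_MGT (1u << 0)

struct cred {
    unsigned uid;        /* 0 = superuser */
    unsigned effective;  /* bitmask of held capabilities */
};

/* Privilege decision per mode, as read from the three cmn_err() messages. */
int model_cap_able(enum cap_mode mode, const struct cred *c, unsigned cap)
{
    int is_root = (c->uid == 0);
    int has_cap = (c->effective & cap) != 0;

    switch (mode) {
    case CAP_SYS_SUPERUSER:    return is_root || has_cap; /* either provides privilege */
    case CAP_SYS_NO_SUPERUSER: return has_cap;            /* capabilities alone */
    case CAP_SYS_DISABLED:     return is_root;            /* superuser alone */
    }
    return 0; /* unknown mode: fail closed */
}

/* Mode switch guarded like cap_style(): check privilege first, then assign. */
int model_cap_style(enum cap_mode *mode, const struct cred *c, int new_mode)
{
    if (!model_cap_able(*mode, c, MODEL_CAP_SYSINFO_MGT))
        return EPERM;
    if (new_mode < CAP_SYS_SUPERUSER || new_mode > CAP_SYS_DISABLED)
        return EINVAL; /* added in this model: reject values outside the enum */
    *mode = (enum cap_mode)new_mode;
    return 0;
}

int main(void)
{
    enum cap_mode mode = CAP_SYS_SUPERUSER;      /* the cap_init() default */
    struct cred root = { 0, 0 };                 /* uid 0 holding no capabilities */
    int rc = model_cap_style(&mode, &root, CAP_SYS_NO_SUPERUSER);
    printf("root switches to capabilities-only: %d\n", rc);
    rc = model_cap_style(&mode, &root, CAP_SYS_SUPERUSER);
    printf("same root tries to switch back: %d (EPERM=%d)\n", rc, EPERM);
    return 0;
}
```

In this model a uid 0 process without the capability can leave the default mode but cannot return to it, because the check is evaluated under the mode that is current at the time of the call.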


