RE: Bug in how capability inheritance is handled in "fs/exec.c", 2.3.99

From: Linda Walsh (law@sgi.com)
Date: Tue May 30 2000 - 12:15:34 EST


> -----Original Message-----
> From: parsley@roanoke.edu [mailto:parsley@roanoke.edu]
>
> After following this thread for a bit, I've got one burning question:
> What are the formulas for computing the capability sets of a new process
> in Trusted IRIX? I've also got a copy of Draft 17 (thanks, Casey!), and
> I'm quite pleased with:
>
> pI' = pI (& fM (*)) ; pP' = fP | (fI & pI) ; pE' = pP' & fE

---
	So why is fM not fI?

The formula Trusted IRIX uses (see it online at http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi?coll=0650&db=man&fname=/usr/share/catman/p_man/cat4/capabilities.z )

pI' = pI & fI ; this allows a file to restrict capabilities passed on as well as the original process. [Desired] according to the wording in section 25.1.1.2: "Each capability marked as _permitted_ [pP'] may have been forced to be set by the program file [pF] or inherited from the previous image [pI] (if the capability attributes of the program file allow the inheritance [pI])."

pP' = fP | (pI' & pP); this limits inheritance of previous process Permitted capabilities by the "Inheritable masks" of *both* the file & the previous process's

pE' = pP' & fE ; limits effective by permitted at exec time

-l
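The two sets of formulas above, as an added worked example that is not part of the original message and not code from the kernel or from Trusted IRIX: capability sets are modelled as bitmasks, the Draft 17 rule and the Trusted IRIX rule are each evaluated on the same constructed inputs, and the difference in pP' (inheritance limited by fI only, versus by both fI and the previous process's pP) is returned as a set. The CAP_X/CAP_Y/CAP_Z names and the sample process and file sets are constructed placeholders, not real CAP_* values.

```c
/* Added example (not from the original e-mail, the kernel, or IRIX):
 * exec-time capability computation under the two rules discussed. */
#include <stdint.h>
#include <stdio.h>

typedef uint32_t capset_t;

/* Constructed placeholder capabilities (not real CAP_* constants). */
#define CAP_X (1u << 0)
#define CAP_Y (1u << 1)
#define CAP_Z (1u << 2)

/* Process sets: inheritable, permitted, effective. */
struct caps  { capset_t pI, pP, pE; };
/* File sets: inheritable, permitted, effective, and the optional mask fM. */
struct fcaps { capset_t fI, fP, fE, fM; };

/* POSIX.1e Draft 17 as quoted in the thread:
 *   pI' = pI (& fM, when the optional mask is applied)
 *   pP' = fP | (fI & pI)
 *   pE' = pP' & fE
 * use_mask selects the optional "(& fM (*))" term. */
struct caps exec_draft17(struct caps p, struct fcaps f, int use_mask)
{
    struct caps n;
    n.pI = use_mask ? (p.pI & f.fM) : p.pI;
    n.pP = f.fP | (f.fI & p.pI);
    n.pE = n.pP & f.fE;
    return n;
}

/* Trusted IRIX as described in the reply:
 *   pI' = pI & fI
 *   pP' = fP | (pI' & pP)
 *   pE' = pP' & fE */
struct caps exec_irix(struct caps p, struct fcaps f)
{
    struct caps n;
    n.pI = p.pI & f.fI;
    n.pP = f.fP | (n.pI & p.pP);
    n.pE = n.pP & f.fE;
    return n;
}

/* Capabilities that land in pP' under Draft 17 (no mask) but are withheld
 * under the Trusted IRIX rule for the same process and file sets. */
capset_t permitted_gap(struct caps p, struct fcaps f)
{
    struct caps a = exec_draft17(p, f, 0);
    struct caps b = exec_irix(p, f);
    return a.pP & ~b.pP;
}

/* Constructed scenario: the previous image lists CAP_X as inheritable but
 * does not hold it in its own permitted set; the file allows CAP_X and
 * CAP_Y to be inherited, forces nothing, and its mask keeps only CAP_Y. */
struct caps sample_parent(void)
{
    struct caps p = { CAP_X | CAP_Y, CAP_Y, CAP_Y };
    return p;
}

struct fcaps sample_file(void)
{
    struct fcaps f = { CAP_X | CAP_Y, 0, CAP_X | CAP_Y | CAP_Z, CAP_Y };
    return f;
}

static void show(const char *label, struct caps c)
{
    printf("%-22s pI'=%#x pP'=%#x pE'=%#x\n", label, c.pI, c.pP, c.pE);
}

int main(void)
{
    struct caps p = sample_parent();
    struct fcaps f = sample_file();

    show("Draft 17 (no mask):", exec_draft17(p, f, 0));
    show("Draft 17 (with fM):", exec_draft17(p, f, 1));
    show("Trusted IRIX:", exec_irix(p, f));
    printf("granted by Draft 17 pP' but not by IRIX pP': %#x\n",
           permitted_gap(p, f));
    return 0;
}
```

With these inputs the Draft 17 rule places CAP_X in pP' purely because fI and the previous pI both list it, while the IRIX rule additionally requires the previous image to have held CAP_X in pP, so CAP_X is the whole of the gap. The fM term only narrows pI', which is why the reply asks why fM is not simply fI.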




This archive was generated by hypermail 2b29 : Wed May 31 2000 - 21:00:25 EST