Re: [PATCH 1/1] security: introduce file posix caps

From: Seth Arnold
Date: Tue Nov 07 2006 - 16:55:35 EST

Next message: Pavel Machek: "Re: Faustian Pact between Novell and Microsoft"
Previous message: Jeff Garzik: "slow UML on x86-64, soft lockups"
In reply to: Serge E. Hallyn: "Re: [PATCH 1/1] security: introduce file posix caps"
Next in thread: Serge E. Hallyn: "Re: [PATCH 1/1] security: introduce file posix caps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 06, 2006 at 09:45:50PM -0600, Serge E. Hallyn wrote:
> #define CAP_AUDIT_CONTROL 30
>
> +#define CAP_NUMCAPS 31

[...]

> +struct vfs_cap_data_struct {
> + __u32 version;
> + __u32 effective;
> + __u32 permitted;
> + __u32 inheritable;
> +};

[...]

> +static int check_cap_sanity(struct vfs_cap_data_struct *cap)
> +{
> + int i;
> +
> + if (cap->version != _LINUX_CAPABILITY_VERSION)
> + return -EPERM;
> +
> + for (i=CAP_NUMCAPS; i<sizeof(cap->effective); i++) {
> + if (cap->effective & CAP_TO_MASK(i))
> + return -EPERM;
> + }
> + for (i=CAP_NUMCAPS; i<sizeof(cap->permitted); i++) {
> + if (cap->permitted & CAP_TO_MASK(i))
> + return -EPERM;
> + }
> + for (i=CAP_NUMCAPS; i<sizeof(cap->inheritable); i++) {
> + if (cap->inheritable & CAP_TO_MASK(i))
> + return -EPERM;
> + }
> +
> + return 0;
> +}

for (i=31; i<4; i++) ...

I'm not sure this checks what you think it checks? :)

Thanks

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Pavel Machek: "Re: Faustian Pact between Novell and Microsoft"
Previous message: Jeff Garzik: "slow UML on x86-64, soft lockups"
In reply to: Serge E. Hallyn: "Re: [PATCH 1/1] security: introduce file posix caps"
Next in thread: Serge E. Hallyn: "Re: [PATCH 1/1] security: introduce file posix caps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]