Re: [PATCH v2] define convenient securebits masks for prctl users

[Serge E. Hallyn]

Quoting Michael Kerrisk (mtk.manpages@xxxxxxxxxxxxxx):
> Hi Serge,
> 
> On Wed, Oct 14, 2009 at 11:15 PM, Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
> > The securebits are used by passing them to prctl with the
> > PR_{S,G}ET_SECUREBITS commands.  But the defines must be
> > shifted to be used in prctl, which begs to be confused and
> > misused by userspace.  So define some more convenient
> > values for userspace to specify.  This way userspace does
> >
> >        prctl(PR_SET_SECUREBITS, SECBIT_NOROOT);
> >
> > instead of
> >
> >        prctl(PR_SET_SECUREBITS, 1 << SECURE_NOROOT);
> >
> > Thanks to Michael for the idea.
> >
> > This patch also adds include/linux/securebits to the installed headers.
> > Then perhaps it can be included by glibc's sys/prctl.h.
> >
> > Changelog:
> >        Oct 14: (Suggestions by Michael Kerrisk):
> >                1. spell out SETUID in SECBIT_NO_SETUID*
> >                2. SECBIT_X_LOCKED does not imply SECBIT_X
> >                3. add definitions for keepcaps
> 
> Thanks for these changes.

Thanks for taking a look and commenting!

> >        Oct 14: As suggested by Michael Kerrisk, don't
> >                use SB_* as that convention is already in
> >                use.  Use SECBIT_ prefix instead.
> >
> > Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
> > Acked-by: Andrew G. Morgan <morgan@xxxxxxxxxx>
> 
> Acked-by: Michael Kerrisk <mtk.manpages@xxxxxxxxx>

thanks,
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/