(NOTE: this is general privilege set mathematics, may not apply
to linux yet.)
P being process permitted set
E being process effective set
I being process inheritable set
S being process saved set
A being files allowed set
F being files forced set
0 being the empty privilege set
P=E=(I[parent process] unioned with F[program] restricted by A[program])
I[child process] = I[parent process]
S=(I[parent process] intersected by A[program])
When effective UID is changed from the original:
S=E and then E = 0
When/if effective UID is changed back to original:
E = S
John
-- John Wojtowicz, Secure Systems Engr. ph: (703) 318-7134 Trusted Computer Solutions, Inc. fax: (703) 318-5041 13873 Park Center Rd. Suite 225 email: jwojtowicz@tcs-sec.com Herndon, VA 20171 http://www.tcs-sec.com/
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/