| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Nov 2006 13:54:44 -0800
From: Seth Arnold <seth.arnold@...e.de>
To: "Serge E. Hallyn" <serue@...ibm.com>
Cc: linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Stephen Smalley <sds@...ho.nsa.gov>,
James Morris <jmorris@...ei.org>,
chris friedhoff <chris@...edhoff.org>,
Chris Wright <chrisw@...s-sol.org>,
Andrew Morton <akpm@...l.org>
Subject: Re: [PATCH 1/1] security: introduce file posix caps
On Mon, Nov 06, 2006 at 09:45:50PM -0600, Serge E. Hallyn wrote:
> #define CAP_AUDIT_CONTROL 30
>
> +#define CAP_NUMCAPS 31
[...]
> +struct vfs_cap_data_struct {
> + __u32 version;
> + __u32 effective;
> + __u32 permitted;
> + __u32 inheritable;
> +};
[...]
> +static int check_cap_sanity(struct vfs_cap_data_struct *cap)
> +{
> + int i;
> +
> + if (cap->version != _LINUX_CAPABILITY_VERSION)
> + return -EPERM;
> +
> + for (i=CAP_NUMCAPS; i<sizeof(cap->effective); i++) {
> + if (cap->effective & CAP_TO_MASK(i))
> + return -EPERM;
> + }
> + for (i=CAP_NUMCAPS; i<sizeof(cap->permitted); i++) {
> + if (cap->permitted & CAP_TO_MASK(i))
> + return -EPERM;
> + }
> + for (i=CAP_NUMCAPS; i<sizeof(cap->inheritable); i++) {
> + if (cap->inheritable & CAP_TO_MASK(i))
> + return -EPERM;
> + }
> +
> + return 0;
> +}
for (i=31; i<4; i++) ...
I'm not sure this checks what you think it checks? :)
Thanks
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists