lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060907230630.GA15538@sergelap>
Date:	Thu, 7 Sep 2006 18:06:30 -0500
From:	"Serge E. Hallyn" <serue@...ibm.com>
To:	David Madore <david.madore@....fr>
Cc:	Linux Kernel mailing-list <linux-kernel@...r.kernel.org>,
	"Serge E. Hallyn" <serue@...ibm.com>
Subject: Re: patch to make Linux capabilities into something useful (v 0.3.1)

Quoting David Madore (david.madore@....fr):
> On Thu, Sep 07, 2006 at 12:27:31AM +0200, David Madore wrote:
> > On Wed, Sep 06, 2006 at 01:25:31PM -0500, Serge E. Hallyn wrote:
> > > I'd recommend you split this patch into at least 3:
> > > 	1. move to 64-bit caps
> > > 	2. introduce your new caps
> > > 		(perhaps even one new cap per patch)
> > > 	3. introduce the new inheritance rules
> > 
> > Yes, that sounds like a good idea.  I'll do that.
> 
> Done.  Attached.  Except that the order is
> 
> part1: move to 64-bit caps (and also re-enable CAP_SETPCAP),
>        where upper 32-bits are "regular" capabilities (but none defined)
> 
> part2: introduce the new inheritance rules
> 
> part3: introduce new ("regular") capabilities

Thanks.  This made comparing the inh behavior to your web page and to
the classic code much easier.

I'm not sure reserving all 32 for 'regular' caps is the way
to go, since we're about to overflow the 32 bits of sysadm caps
already.  What about maybe 20 regular caps?

No need to do this now for my sake, but if you repost these, doing so
in 3 separate emails with the patches inline will make it more likely
that people read them.

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ