| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071018153023.GA12123@vino.hallyn.com> Date: Thu, 18 Oct 2007 10:30:23 -0500 From: "Serge E. Hallyn" <serge@...lyn.com> To: Andrew Morgan <morgan@...nel.org> Cc: "Serge E. Hallyn" <serge@...lyn.com>, Chris Wright <chrisw@...s-sol.org>, Andrew Morton <akpm@...ux-foundation.org>, "Serge E. Hallyn" <serue@...ibm.com>, sds@...ho.nsa.gov, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, kaigai@...gai.gr.jp, casey@...aufler-ca.com Subject: Re: [RFC] [PATCH 2/2] capabilities: implement 64-bit capabilities Quoting Andrew Morgan (morgan@...nel.org): > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Serge E. Hallyn wrote: > > Quoting Chris Wright (chrisw@...s-sol.org): > >> * Serge E. Hallyn (serge@...lyn.com) wrote: > >>> I guess now that I've written this out, it seems pretty clear > >>> that capget64() and capget64() are the way to go. Any objections? > >> How is capget64() different from capget() that supports 2 different > >> header->versions (I thought that was the whole point of the versioned, > >> rather opaque interface)? I don't object to a new syscall, but I don't > >> see why it's required to avoid breaking libcap. > > > > Hmm, I guess it *works*, it's just harder to explain the "inconsistent" > > behavior. Now instead of saying "capget() will fail under certain > > conditions while capget64() will always succeed", capget() will actually > > fail under certain conditions only if you send in a certain header. > > > > Again, once I've written it out, I guess it isn't *so* bad. > > [I'm just wading back into a mass of neglected email. Long story.] > > Chris is right, this is precisely why the interface is versioned, and > there is at least one version of libcap that was written to support this > versioning scheme Ok - i actually didn't default to backward compatibility because I was pretty sure you would object to it on the grounds that old userspace might get unexpected behavior. But I guess since all high caps should be new ones for new features, it'll require new userspace to exploit anyway. > cvs -z3 > - -d:pserver:anonymous@....linux-privs.sourceforge.net:/cvsroot/linux-privs > co -r libcap-pre2 libcap > > I'll try and unwind all the threads of email I've been neglecting and > have something useful to say over the next few days. Thanks. I'll try to get a backward-compatible patch out today (again just for rfc) If not today, at least tomorrow. thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists