| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <482A338C.6040907@ak.jp.nec.com> Date: Wed, 14 May 2008 09:34:20 +0900 From: KaiGai Kohei <kaigai@...jp.nec.com> To: Alexey Dobriyan <adobriyan@...il.com> CC: greg@...ah.com, morgan@...nel.org, serue@...ibm.com, chrisw@...s-sol.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 0/3] exporting capability name/code pairs (for 2.6.26) Alexey Dobriyan wrote: >>> You claim that libcap people can't or don't want to parse such file? >> Yes, >> In the previous discussion, it was undesirable idea to parse a file >> to obtain a new/unknown capability name/code pair, because it tends >> to have bigger number and appears at the tail. >> (If my brain memories it correctly.) >> >>> 0 CAP_CHOWN >>> 1 CAP_DAC_OVERRIDE >>> 2 CAP_DAC_READ_SEARCH >>> 3 CAP_FOWNER >>> 4 CAP_FSETID >>> 5 CAP_KILL >>> 6 CAP_SETGID >>> 7 CAP_SETUID >>> 8 CAP_SETPCAP >>> 9 CAP_LINUX_IMMUTABLE >>> 10 CAP_NET_BIND_SERVICE >>> 11 CAP_NET_BROADCAST >>> 12 CAP_NET_ADMIN >>> 13 CAP_NET_RAW >>> 14 CAP_IPC_LOCK >>> 15 CAP_IPC_OWNER >>> 16 CAP_SYS_MODULE >>> 17 CAP_SYS_RAWIO >>> 18 CAP_SYS_CHROOT >>> 19 CAP_SYS_PTRACE >>> 20 CAP_SYS_PACCT >>> 21 CAP_SYS_ADMIN >>> 22 CAP_SYS_BOOT >>> 23 CAP_SYS_NICE >>> 24 CAP_SYS_RESOURCE >>> 25 CAP_SYS_TIME >>> 26 CAP_SYS_TTY_CONFIG >>> 27 CAP_MKNOD >>> 28 CAP_LEASE >>> 29 CAP_AUDIT_WRITE >>> 30 CAP_AUDIT_CONTROL >>> 31 CAP_SETFCAP >>> 32 CAP_MAC_OVERRIDE >>> 33 CAP_MAC_ADMIN >>> That's what you claim? Do I undestand you correctly? >> Yes, but I don't *oppose* your approach. :) >> >> BTW, I think "version" info should be included as follows: >> 0x20071026 vesion >> 0 cap_chown >> 1 cap_dac_override >> : : > > It shouldn't. You can do capget(42, ...);, get EINVAL and current > version written back. > > Wrap this in libcap if needed. libcap is the primary user of the facility to export capability name/code pairs. I think obviously libcap should wrap this version info and hide it from applications/users. Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@...jp.nec.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists