lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Dec 2016 15:55:35 +0100 From: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com> To: Casey Schaufler <casey@...aufler-ca.com>, John Stultz <john.stultz@...aro.org> Cc: mtk.manpages@...il.com, "Serge E. Hallyn" <serge@...lyn.com>, James Morris <jmorris@...ei.org>, Kees Cook <keescook@...omium.org>, Andy Lutomirski <luto@...capital.net>, Jann Horn <jann@...jh.net>, "Eric W. Biederman" <ebiederm@...ssion.com>, linux-man <linux-man@...r.kernel.org>, linux-security-module <linux-security-module@...r.kernel.org>, lkml <linux-kernel@...r.kernel.org> Subject: Re: RFC: capabilities(7): notes for kernel developers On 12/16/2016 01:44 AM, Casey Schaufler wrote: > On 12/15/2016 4:31 PM, John Stultz wrote: >> On Thu, Dec 15, 2016 at 12:40 PM, Casey Schaufler >> <casey@...aufler-ca.com> wrote: >>> On 12/15/2016 11:41 AM, Michael Kerrisk (man-pages) wrote: >>>> On 12/15/2016 05:29 PM, Casey Schaufler wrote: >>>>> CAP_WAKE_ALARM could readily be CAP_TIME. >>>> Actually, I don't quite understand what you mean with that sentence. >>>> Could you elaborate? >>> Should have said CAP_SYS_TIME >>> >>> Setting an alarm could be considered a time management function, >>> depending on what it actually does. >> Just a nit here. CAP_WAKE_ALARM is more about the privilege of waking >> a system from suspend, while CAP_SYS_TIME covers the ability to set >> the time. One wouldn't necessarily want to give applications which >> could wake a system up the capability to also set the time. > > Doesn't really matter, except that an ignorant developer > might make the mistake I did and assume that WAKE_ALARM > was somehow related to time management. If you want to use > it as an example don't let my dunderheadedness get in your > way. Actually, I decided it wasn't such a good example anyway. That capability could potentially be generic. (But it probably should better have been named something like 'CAP_WAKE_SYSTEM'.) >> thanks >> -john > > Again, thank you for taking this on. It should be a > big help. You're welcome. And thanks for your help, Casey. Cheers, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/
Powered by blists - more mailing lists