Hi Nicholas,
On Sat, Jul 02, 2005 at 10:41:08PM +0100, Nicholas Hans Simmonds wrote:
> This is a simple attempt at providing capability support through extended
> attributes.
> ...
> +#define XATTR_CAP_SET XATTR_SECURITY_PREFIX "cap_set"
> ...
> + ret = bprm_getxattr(bprm_dentry,XATTR_CAP_SET,&caps,sizeof(caps));
> + if(ret == sizeof(caps)) {
> + if(caps.version == _LINUX_CAPABILITY_VERSION) {
> + cap_t(bprm->cap_effective) &= caps.mask_effective;
> ...
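Review bot: In the bprm_getxattr() read, caps is filled straight from the attribute bytes and caps.version and caps.mask_effective are then used in host byte order, so the stored format is whatever layout the writing machine had. Consider declaring the stored fields as fixed-width little-endian (__le32) and converting with le32_to_cpu() before the version compare and the mask. The visible lines also do not show what happens when ret is some other length or the version does not match; a comment should say whether cap_effective is then left untouched or cleared. Style: kernel coding style wants a space after "if" and after each comma in the argument list, e.g. "if (ret == sizeof(caps)) {".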
Since this is being stored on-disk, you may want to consider
endianness issues. I guess for binaries this isn't really a
problem (since they're unlikely to be run on other platforms),
though perhaps it is for shell scripts and the like. Storing
values in native endianness poses problems for backup/restore
programs, NFS, etc.
IIRC, the other LSM security attribute values are stored as
ASCII strings on-disk to avoid this sort of issue.
cheers.
--
Nathan
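
An added example, not part of the original message or the patch: one way to give the attribute value a fixed byte order, so the same bytes decode identically on any host and a record written in another machine's native order fails the version check. The 8-byte layout, the names cap_rec, cap_rec_encode and cap_rec_decode, and the version constant are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical on-disk layout: two 32-bit little-endian fields, named
 * after the two fields visible in the quoted patch. */
#define CAP_REC_SIZE    8
#define CAP_REC_VERSION 0x19980330u  /* sample value, constructed for the demo */

struct cap_rec { uint32_t version; uint32_t mask_effective; };

static uint32_t get_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(unsigned char *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (unsigned char)(v >> (8 * i));
}

/* Serialize to the fixed byte order; the output is identical on every host. */
void cap_rec_encode(const struct cap_rec *in, unsigned char out[CAP_REC_SIZE])
{
    put_le32(out, in->version);
    put_le32(out + 4, in->mask_effective);
}

/* Parse an attribute value of len bytes. Returns 0 on success, -1 if the
 * size or version is wrong; *out is written only on success. */
int cap_rec_decode(const unsigned char *buf, size_t len, struct cap_rec *out)
{
    if (len != CAP_REC_SIZE || get_le32(buf) != CAP_REC_VERSION)
        return -1;
    out->version = CAP_REC_VERSION;
    out->mask_effective = get_le32(buf + 4);
    return 0;
}

int main(void)
{
    struct cap_rec in = { CAP_REC_VERSION, 0x101u }, out = { 0, 0 };
    unsigned char buf[CAP_REC_SIZE];

    cap_rec_encode(&in, buf);
    printf("decode=%d mask=0x%x\n", cap_rec_decode(buf, sizeof(buf), &out),
           (unsigned)out.mask_effective);
    return 0;
}
```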