Re: [PATCH 1/1] security: introduce file posix caps

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 06, 2006 at 09:45:50PM -0600, Serge E. Hallyn wrote:
>  #define CAP_AUDIT_CONTROL    30
>  
> +#define CAP_NUMCAPS	     31

[...]

> +struct vfs_cap_data_struct {
> +	__u32 version;
> +	__u32 effective;
> +	__u32 permitted;
> +	__u32 inheritable;
> +};

[...]

> +static int check_cap_sanity(struct vfs_cap_data_struct *cap)
> +{
> +	int i;
> +
> +	if (cap->version != _LINUX_CAPABILITY_VERSION)
> +		return -EPERM;
> +
> +	for (i=CAP_NUMCAPS; i<sizeof(cap->effective); i++) {
> +		if (cap->effective & CAP_TO_MASK(i))
> +			return -EPERM;
> +	}
> +	for (i=CAP_NUMCAPS; i<sizeof(cap->permitted); i++) {
> +		if (cap->permitted & CAP_TO_MASK(i))
> +			return -EPERM;
> +	}
> +	for (i=CAP_NUMCAPS; i<sizeof(cap->inheritable); i++) {
> +		if (cap->inheritable & CAP_TO_MASK(i))
> +			return -EPERM;
> +	}
> +
> +	return 0;
> +}

for (i=31; i<4; i++) ...

I'm not sure this checks what you think it checks? :)

Thanks

Attachment: pgp1R8QPaZHqt.pgp
Description: PGP signature


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux