validity test in cap_set_proc(), POSIX.1e 25.4.15.2

Robert Watson rwatson at FreeBSD.org
Wed Dec 5 16:51:17 GMT 2001


POSIX.1e D17 25.4.15.2 reads:

  The function cap_set_proc() shall set the values for all capability
  flags for all capabilities defined in the implementation with the
  capability state identified by cap_p.  The new capability state of the
  process shall be completely determined by the contents of cap_p upon
  successful return from this function.  If any flag in cap_p is set for
  any capability not currently permitted for the calling process, the
  function shall fail, and the capability state of the process shall
  remain unchanged.

In our current implementation, we impose an additional check on cap_p
provided to cap_set_proc(): we require that the resulting capability set
be "valid" in the sense that the new effective capabilities be a subset of
the new permitted capabilities.  Does anyone else take this reading, and
if not, is there a good reason not to?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services
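The two checks the post contrasts, written out as an added example (not code from FreeBSD, TrustedBSD or any libcap; the cap_state_t bitmask type, the function names and the errno choices are assumptions): the POSIX.1e 25.4.15.2 test refuses any flag naming a capability not currently permitted, and the extra "validity" test refuses a result whose effective set is not a subset of its permitted set.

```c
#include <errno.h>
#include <stdint.h>

/* Hypothetical capability state: one bitmask per POSIX.1e flag set,
 * bit i set means capability i carries that flag. Not a real cap_t. */
typedef struct {
    uint64_t effective;
    uint64_t permitted;
    uint64_t inheritable;
} cap_state_t;

/* POSIX.1e 25.4.15.2 check only: every flag set in new_p must name a
 * capability currently permitted for the process (cur->permitted).
 * Returns 0 if acceptable, EPERM if the request must be refused. */
int posix_set_proc_check(const cap_state_t *cur, const cap_state_t *new_p)
{
    uint64_t requested = new_p->effective | new_p->permitted | new_p->inheritable;
    if (requested & ~cur->permitted)
        return EPERM;
    return 0;
}

/* The additional validity check described in the post: the resulting
 * effective set must be a subset of the resulting permitted set.
 * Returns 0 if valid, EINVAL otherwise (errno value is an assumption). */
int validity_check(const cap_state_t *new_p)
{
    if (new_p->effective & ~new_p->permitted)
        return EINVAL;
    return 0;
}

/* Combined setter: POSIX check first, then validity; the process state
 * is replaced only when both pass, so a refused call leaves it unchanged. */
int cap_set_proc_strict(cap_state_t *cur, const cap_state_t *new_p)
{
    int err = posix_set_proc_check(cur, new_p);
    if (err)
        return err;
    err = validity_check(new_p);
    if (err)
        return err;
    *cur = *new_p;
    return 0;
}
```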

