validity test in cap_set_proc(), POSIX.1e 25.4.15.2

Casey Schaufler casey at sgi.com
Mon Dec 10 18:05:05 GMT 2001


Robert Watson wrote:

> Hmm.  How is this not addressed through use of the inheritable set?
> ...

Well, that's what I get for not reading my own spec before posting.

In general, the POSIX group always took the position that we
didn't care how the interfaces were used, just how they were
specified. Thus, a check which declares a capset invalid
just because it's stoopid would not be included because each of
us believed that one or more of us were planning to do stoopid
implementations. The intention for cap_valid() was to prevent
applications and kernels from crashing, nothing more. It was
not intended to perform any policy checking.

-- 

Casey Schaufler				Manager, Trust Technology, SGI
casey at sgi.com				voice: 650.933.1634
casey_p at pager.sgi.com			Pager: 888.220.0607
