Quoting James Morris ([EMAIL PROTECTED]):
> On Fri, 13 Jul 2007, Serge E. Hallyn wrote:
> 
> > Finally, future format compatibility is reduced.  If
> > a security.capability xattr is found with too new a version,
> > don't run the binary.
> 
> I wonder if the behavior of this should be configurable, so that the admin 
> can decide what to do here.  She may wish to simply ignore file caps with 
> a newer version (e.g. behave like the -ENODATA case).

Yeah, Andrew's response in particular made me think "this is clearly a
security vs usability issue, and maybe it should be configurable."  I
figured I'd wait for comment.

I also let it drop for now because we just took up the last available
capability :), so the next change in format will require some rather
major changes anyway.

So the only way to handle it right now would be either to declare now
that when we go to 64-bit caps, the format will be

        __le32 magic_etc;
        __le32 inh_low;
        __le32 perm_low;
        __le32 inh_hi;
        __le32 perm_hi;

and ignore a size that is too big (which can be compile-time
configurable like you say), or, when we go to 64-bit caps, use the xattr
'security.capability_64'.

(Well, or store 64-bit caps on disk now even though the user caps are
32-bit.)

thanks,
-serge
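
The choice discussed in this thread, as an added example (not code from the patch or from either poster): a reader that only understands 32-bit caps meets a value in the five-word layout quoted above and either refuses the binary, ignores the file caps as in the -ENODATA case, or reads only the low words. All names, the sample bytes, the assumption that the current value is the first three words, and the use of -EPERM and -EINVAL are illustrative; the newer format is detected by size alone because the message does not say how the version is encoded in magic_etc.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; 12 bytes = magic_etc, inh_low, perm_low (assumed). */
#define CAP32_SIZE 12u
enum newer_policy { POLICY_REFUSE, POLICY_IGNORE, POLICY_LOW_WORDS };
struct file_caps { uint32_t magic_etc, inheritable, permitted; };

/* Constructed sample value in the five-word layout, little-endian on disk. */
static const uint8_t sample_caps64[20] = {
    0x00, 0x00, 0x00, 0x02,   /* magic_etc (constructed) */
    0x01, 0x00, 0x00, 0x00,   /* inh_low  */
    0x00, 0x20, 0x00, 0x00,   /* perm_low */
    0x00, 0x00, 0x00, 0x00,   /* inh_hi   */
    0x01, 0x00, 0x00, 0x00,   /* perm_hi  */
};

/* Read a little-endian 32-bit word regardless of host byte order. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 with *out filled, -ENODATA for "treat as no file caps",
 * -EPERM for "do not run the binary", -EINVAL for a malformed value. */
int parse_file_caps(const uint8_t *buf, size_t len,
                    enum newer_policy policy, struct file_caps *out)
{
    if (len < CAP32_SIZE || len % 4 != 0)
        return -EINVAL;               /* truncated or not whole words */
    if (len > CAP32_SIZE) {           /* larger than this reader knows */
        if (policy == POLICY_REFUSE)
            return -EPERM;
        if (policy == POLICY_IGNORE)
            return -ENODATA;
        /* POLICY_LOW_WORDS: read only the words this reader understands */
    }
    out->magic_etc   = le32(buf);
    out->inheritable = le32(buf + 4);
    out->permitted   = le32(buf + 8);
    return 0;
}

int main(void)
{
    struct file_caps c;
    return parse_file_caps(sample_caps64, sizeof sample_caps64,
                           POLICY_LOW_WORDS, &c) ? 1 : 0;
}
```

With POLICY_LOW_WORDS the binary runs without whatever the high words granted, and with POLICY_IGNORE it runs with no file caps at all; only POLICY_REFUSE stops it from running.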