On Wed, Sep 19, 2007 at 09:11:26PM -0700, Andrew Morgan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> David Howells wrote:
> > Move the effective capabilities mask from the task struct into the
> > credentials
> > record.
> >
> > Note that the effective capabilities mask in the
On Wed, Sep 19, 2007 at 09:11:26PM -0700, Andrew Morgan wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Howells wrote:
Move the effective capabilities mask from the task struct into the
credentials
record.
Note that the effective capabilities mask in the cred struct
On Thu, 2007-09-20 at 08:36 -0700, Casey Schaufler wrote:
> Ok, what can't be copied, and why can't it be copied?
In practice, no security information can be copied because the checks
are all made on the "current" pointer. There is no mechanism other than
'current' for passing security
--- Trond Myklebust <[EMAIL PROTECTED]> wrote:
> On Wed, 2007-09-19 at 21:11 -0700, Andrew Morgan wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > David Howells wrote:
> > > Move the effective capabilities mask from the task struct into the
> credentials
> > > record.
> > >
On Wed, 2007-09-19 at 21:11 -0700, Andrew Morgan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> David Howells wrote:
> > Move the effective capabilities mask from the task struct into the
> > credentials
> > record.
> >
> > Note that the effective capabilities mask in the cred
Andrew Morgan <[EMAIL PROTECTED]> wrote:
> OOC If we were to simply drop support for one process changing the
> capabilities of another, would we need this patch?
Well, the patch could be less, but there's still the possibility of a kernel
service wanting to override the capabilities mask.
Andrew Morgan [EMAIL PROTECTED] wrote:
OOC If we were to simply drop support for one process changing the
capabilities of another, would we need this patch?
Well, the patch could be less, but there's still the possibility of a kernel
service wanting to override the capabilities mask.
David
-
On Wed, 2007-09-19 at 21:11 -0700, Andrew Morgan wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Howells wrote:
Move the effective capabilities mask from the task struct into the
credentials
record.
Note that the effective capabilities mask in the cred struct shadows
On Thu, 2007-09-20 at 08:36 -0700, Casey Schaufler wrote:
Ok, what can't be copied, and why can't it be copied?
In practice, no security information can be copied because the checks
are all made on the current pointer. There is no mechanism other than
'current' for passing security information
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Howells wrote:
> Move the effective capabilities mask from the task struct into the credentials
> record.
>
> Note that the effective capabilities mask in the cred struct shadows that in
> the task_struct because a thread can have its
Move the effective capabilities mask from the task struct into the credentials
record.
Note that the effective capabilities mask in the cred struct shadows that in
the task_struct because a thread can have its capabilities masks changed by
another thread. The shadowing is performed by
Move the effective capabilities mask from the task struct into the credentials
record.
Note that the effective capabilities mask in the cred struct shadows that in
the task_struct because a thread can have its capabilities masks changed by
another thread. The shadowing is performed by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Howells wrote:
Move the effective capabilities mask from the task struct into the credentials
record.
Note that the effective capabilities mask in the cred struct shadows that in
the task_struct because a thread can have its capabilities
13 matches
Mail list logo