SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [patch] selinux_capget() This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Russell Coker <russell_at_coker.com.au> Date: Mon, 20 Dec 2004 12:16:19 +1100 On Wednesday 15 December 2004 03:22, Casey Schaufler <casey@schaufler-ca.com> wrote: > > How does the application determine the real > > effective set? > > The short answer is that it doesn't. How do you > determine if you can really open a file for write > access? The real world behavior is to check what > you know about (e.g. UID, mode bits) and hope that > you'll pass any additinoal constraints (e.g. ACLS, > capabilities, mount options) that might apply. Then > try it and check the error return. Doesn't access(2) deal with ACLs and mount options? > which is a generalized version of access(2), that > notoriously unuseful syscall. Needless to say, such > an inferface is impracticle and would still yield > false positives. A faccess(2) syscall would be handy if you are contributing to further POSIX standards... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Sun 19 Dec 2004 - 20:16:31 EST This message: [ Message body ] Next message: Chris PeBenito: "[patch] disable policycoreutils locale option" Previous message: Russell Coker: "Re: [patch] selinux_capget()" In reply to: Casey Schaufler: "Re: [patch] selinux_capget()" Next in thread: Casey Schaufler: "Re: [patch] selinux_capget()" Reply: Casey Schaufler: "Re: [patch] selinux_capget()" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom