Re: intent to package libcap

To: debian-devel@lists.debian.org
Subject: Re: intent to package libcap
From: Daniel Jacobowitz <dan@debian.org>
Date: Thu, 18 Mar 1999 11:35:44 -0500
Message-id: <[🔎] 19990318113544.A20131@drow.res.cmu.edu>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] s2vvhfzw2d5.fsf@mermaid.ucc.gu.uwa.edu.au>; from Mikolaj J. Habryn on Thu, Mar 18, 1999 at 05:53:10PM +0800
References: <[🔎] s2vbthr2nbe.fsf@mermaid.ucc.gu.uwa.edu.au> <[🔎] 19990318102145.A3667@ultra5.wi.leidenuniv.nl> <[🔎] s2vvhfzw2d5.fsf@mermaid.ucc.gu.uwa.edu.au>

Wow, what amazing timing.  Yesterday, by request, I put together a
libcap1 package.  I made just about all the same decisions about it
that you did.  Since you seem to be much more on top of capabilities
than I am, though, you can obviously have it :)


I do have one patch, from the ProFTP author, which still seems to
apply.  It looks as if it fixes a fairly important typo.  Could you
figure out if this is still needed?


On Thu, Mar 18, 1999 at 05:53:10PM +0800, Mikolaj J. Habryn wrote:
>     JHMD> BTW, can you provide a URL for an introduction to the
>     JHMD> capabilities stuff?
> 
>   http://www.guug.de/~winni/posix.1e/
> 
>   Note that the capabilities stuff is presently an academic
> exercise. Currently capabilities are effectively meaningless to
> non-root processes (they are irrevocably lost upon setuid away from
> root or an exec). So, while you can remove privileges from root, you
> can't, unfortunately, remove fundamental things like r/w access to
> root owned files (at least, there doesn't appear to be a way to do
> it).
> 
>   I wrote a patch that allows non-root processes to inherit
> privileges, but I'm not sure what else it breaks, and I've yet to hear 
> back from the author about it.


Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|     CMU, CS class of 2002      |
|   Debian GNU/Linux Developer    __   Part-Time Systems Programmer  |
|         dan@debian.org         |  |        drow@cs.cmu.edu         |
\--------------------------------/  \--------------------------------/

>From flood@inflicted.net Wed Oct  7 15:28:16 1998
Received: from self.inflicted.net (flood@self.inflicted.net [208.143.216.18])
	by mindcryme.com (8.8.8/8.8.8) with ESMTP id PAA09219
	for <drow@false.org>; Wed, 7 Oct 1998 15:28:16 -0400
Received: from localhost (flood@localhost)
	by self.inflicted.net (8.8.8/8.8.8/Debian/GNU) with SMTP id QAA28100
	for <drow@false.org>; Wed, 7 Oct 1998 16:00:18 -0400
Date: Wed, 7 Oct 1998 16:00:18 -0400 (EDT)
From: Floody G <flood@inflicted.net>
To: drow@false.org
Subject: libcap-0.104 patch
Message-ID: <Pine.LNX.3.96.981007155857.28098A-100000@self.inflicted.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO

diff -r -u libcap-0.104.orig/libcap/libcap.h libcap-0.104/libcap/libcap.h
--- libcap-0.104.orig/libcap/libcap.h	Sun Jun  7 20:15:28 1998
+++ libcap-0.104/libcap/libcap.h	Sat Sep 19 17:00:49 1998
@@ -61,7 +61,7 @@
     __u32 _blk[__CAP_BLKS];
 } __cap_s;
 #define raise_cap(x)   _blk[(x)>>5] |= (1<<((x)&31))
-#define lower_cap(x)   _blk[(x)>>5] |= (1<<((x)&31))
+#define lower_cap(x)   _blk[(x)>>5] &= ~(1<<((x)&31))
 #define isset_cap(y,x) ((y)->_blk[(x)>>5] & (1<<((x)&31)))
 
 /*

Reply to:

Follow-Ups:
- Re: intent to package libcap
  - From: dichro-5082c2b@eris.rcpt.to (Mikolaj J. Habryn)

References:
- intent to package libcap
  - From: dichro-588f458@eris.rcpt.to (Mikolaj J. Habryn)
- Re: intent to package libcap
  - From: "J.H.M. Dassen" <jdassen@wi.leidenuniv.nl>
- Re: intent to package libcap
  - From: dichro-fb8a3ca3@eris.rcpt.to (Mikolaj J. Habryn)

Prev by Date: Re: Let's CENSOR it! (was: Uploaded anarchism 7.5-1 (source all) to master)
Next by Date: Re: APSL Hidden Nasty's
Previous by thread: Re: intent to package libcap
Next by thread: Re: intent to package libcap
Index(es):
- Date
- Thread