LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity
669 Commits 1 Branch 197 Tags 93 MiB
Commit Graph

669 Commits

Author SHA1 Message Date
Michael Kerrisk bb40bc01bd Add text to note that setresuid() always modifies the file 
system UID, and setresgid() likewise always modifies the
file system GID.
 2005-10-28 16:57:37 +00:00
Michael Kerrisk 6e1ffb9817 Formatting fix 2005-10-28 13:43:45 +00:00
Michael Kerrisk ae050d9ae1 Formatting fixes 2005-10-28 13:40:41 +00:00
Michael Kerrisk a94dba21dc Formatting fixes 2005-10-28 13:35:35 +00:00
Michael Kerrisk 4a04cd9a4d Fix typos 2005-10-28 13:32:01 +00:00
Michael Kerrisk bf93c935d1 s/GNU_SOURCE/_GNU_SOURCE/ 2005-10-28 13:27:52 +00:00
Michael Kerrisk 62efe3ef2d Hello Andries, 
Let us return to path_resolution.2...

> Von: Andries Brouwer <Andries.Brouwer@cwi.nl>
> Betreff: Re: ***UNCHECKED*** man-pages-2.11
> Datum: Mon, 24 Oct 2005 20:43:42 +0200
> 
> On Mon, Oct 24, 2005 at 05:27:56PM +0200, Michael Kerrisk wrote:
> 
> > PS I changed some text in path_rolution.2, where it seems to 
> > me that you made an error.  But I could be wrong -- you 
> > might like to double check it?
> 
> Hmm, I think it was precisely correct and no longer is.
> 
> I see some change in wording that does not actually change anything,
> and the addition of "as well" that may be incorrect.

Let's begin with a diff:

=====
--- man-pages-2.10/man2/path_resolution.2       2005-07-18 18:17:52.000000000 +0200
+++ man-pages-2.11/man2/path_resolution.2       2005-10-24 13:18:13.000000000 +0200
@@ -185,11 +185,13 @@

 Traditional systems do not use capabilities and root (user ID 0) is
 all-powerful. Such systems are presently (2.6.7) handled by giving root
-all capabilities except for CAP_SETPCAP. More precisely, at exec time
-a process gets all capabilities except CAP_SETPCAP and the five capabilities
+all capabilities except for CAP_SETPCAP. More precisely,
+a process gets all capabilities except CAP_SETPCAP
+and the five capabilities
 CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID,
-in case it has zero effective UID, and it gets these last five capabilities
-in case it has zero fsuid, while all other processes get no capabilities.
+if its effective UID is 0,
+and it gets these last five capabilities if its fsuid is 0 as well,
+while all other processes get no capabilities.

 The CAP_DAC_OVERRIDE capability overrides all permission checking,
 but will only grant execute permission when at least one
====

The main points of change are the following:

1. Removal of discussion of "exec time".

2. Addition of "as well".

I'll start with point 2.  I'm wrong.  I had it in my mind that 
fsuid could only be made 0 if euid was already 0.  But that isn't
true; setfsuid(x) allows us to turn this (somewhat unusual, but
theoretically possible scenario):

Real Eff Saved FS
0    y   y     y

into this (setfsuid() allows us to set the fsuid to any of the R/E/S 
UID values):

Real Eff Saved FS
0    y   y     0

And indeed the process then has the 5 CAP_FS_MASK capabilities,
in its effective set, but none of the others.

I've removed the words "as well".

On to point 1.

I removed "exec time" because it seems misleading.  As far as I can
tell, exec is not directly relevant, except in as much as we exec
a set-user-ID-root program.  The real point is that effective 
capabilities are dropped as a result of changes to the euid and 
fsuid.  Those can happen because we exec a set-user-ID-root program, 
or via manipulations via seteuid(), setfsuid(), and friends.
As such, that change still seems to me to be correct.  But 
perhaps I have still missed something that you were trying to
say.  If so, let me know.

Cheers,

Michael
 2005-10-27 15:33:25 +00:00
Michael Kerrisk 3582e90689 Reworded text around PAGESIZE, noting also that 
sysconf(_SC_PAGESIZE) can be used.
 2005-10-27 11:14:15 +00:00
Michael Kerrisk d1a6e6ff04 Change <netinet/in.h> to <arpa/inet.h> in prototype; add text 
explaining that some systems need the former header.
As per Debian bug 265244
 2005-10-27 09:58:45 +00:00
Michael Kerrisk 56eec1b645 Misc changes 2005-10-27 08:15:23 +00:00
Michael Kerrisk ed978af23d Added .\" comment about SHMMNI off-by-one error in kernels 2.4.x-2.6.8. 2005-10-26 11:37:47 +00:00
Michael Kerrisk a749f870a8 s/XXX/FIXME/ 2005-10-26 11:27:52 +00:00
Michael Kerrisk f39637fad6 Minor changes 2005-10-26 11:23:22 +00:00
Michael Kerrisk eb57338fe9 Added (brief) description of SHM_HUGETLB. 2005-10-26 10:31:14 +00:00
Michael Kerrisk 75cad98162 Noted that ss_sp is automatically aligned by the kernel. 2005-10-25 15:35:08 +00:00
Michael Kerrisk feb41987c0 Start of 2.12 2005-10-24 16:33:34 +00:00
Michael Kerrisk 773df4c9c5 Start of 2.12 2005-10-24 16:32:49 +00:00
Michael Kerrisk 661cacfd6c Prepare for 2.11 2005-10-24 15:36:48 +00:00
Michael Kerrisk 4c312a693c Prepare for 2.11 2005-10-24 15:35:28 +00:00
Michael Kerrisk b270eba946 Added EINVAL error for rlim_cur > rlim_max when calling setrlimit(). 2005-10-24 15:26:31 +00:00
Michael Kerrisk 8e33676f52 Formatting fixes 2005-10-24 13:01:46 +00:00
Michael Kerrisk 9bc4f5f8d9 Minor changes 2005-10-24 11:22:35 +00:00
Michael Kerrisk ab2e1a6c34 Repaired discussion of capabilities and file system UID, which 
mistakenly had involved exec() in the discussion.
 2005-10-24 11:18:13 +00:00
Michael Kerrisk 62f38a5fa6 Formatting fixes 2005-10-24 09:14:25 +00:00
Michael Kerrisk c6f82ebc77 Formatting fixes 2005-10-24 09:05:27 +00:00
Michael Kerrisk 6060319831 formattinf fixes 2005-10-24 09:00:36 +00:00
Michael Kerrisk e4bd7c17b9 Formatting fixes 2005-10-24 08:55:52 +00:00
Michael Kerrisk 1e32103455 Formatting fixes 2005-10-20 15:11:10 +00:00
Michael Kerrisk f87925c6bf Formatting fixes 2005-10-19 16:30:05 +00:00
Michael Kerrisk bee2a27738 Fix capitalisations 2005-10-19 14:57:33 +00:00
Michael Kerrisk 4d52e8f81c Formatting fixes 2005-10-19 14:54:31 +00:00
Michael Kerrisk b5cc2ffbaa Formatting fixes 2005-10-19 14:48:35 +00:00
Michael Kerrisk 4a225b7a41 Formatting fixes 2005-10-19 14:16:57 +00:00
Michael Kerrisk a68b4927bf Minor wording fix 2005-10-19 13:54:51 +00:00
Michael Kerrisk d3777ff056 Formatting fix 2005-10-19 13:51:36 +00:00
Michael Kerrisk 35e21ba7ca Formatting fixes 2005-10-19 13:48:50 +00:00
Michael Kerrisk 7eda86b16c Updated FIXME 2005-10-19 13:31:49 +00:00
Michael Kerrisk bf5f35c0ff Minor wording fix 2005-10-19 13:22:01 +00:00
Michael Kerrisk 4009dcc539 formatting fix 2005-10-19 13:21:05 +00:00
Michael Kerrisk d302a9a9c3 spelling fixx 2005-10-19 13:20:29 +00:00
Michael Kerrisk 9ef334c7cc remove parens from function name in .SH NAME section 2005-10-19 13:19:53 +00:00
Michael Kerrisk 27e59a1f0b Minor wording fix 2005-10-19 13:18:58 +00:00
Michael Kerrisk 826b3f2763 Formatting fix 2005-10-19 13:17:47 +00:00
Michael Kerrisk 1c4700c568 Minor change to RETURN VALUE text. 2005-10-19 13:15:49 +00:00
Michael Kerrisk d85bdf28e3 Start of 2.11 2005-10-19 13:11:27 +00:00
Michael Kerrisk ea9046864b Start of 2.11 release 2005-10-19 12:53:31 +00:00
Michael Kerrisk d77fe1c441 Prepare for 2.10 2005-10-19 12:45:56 +00:00
Michael Kerrisk 3399ba3ae5 minor fixes 2005-10-19 12:42:20 +00:00
Michael Kerrisk 30ac2aa66f prepare for 2.10 2005-10-19 12:40:31 +00:00
Michael Kerrisk 6f9c0c6b3b Maintenance scripts 2005-10-19 12:04:53 +00:00