LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity
585 Commits 1 Branch 197 Tags 93 MiB
Commit Graph

275 Commits

Author SHA1 Message Date
Michael Kerrisk 31e9a9ec99 Change itacised function names and page xrefs to bold 2005-11-02 11:34:24 +00:00
Michael Kerrisk 9961bb4f07 Formatting fix 2005-11-02 11:06:40 +00:00
Michael Kerrisk 197889d00b Formatting fixes 2005-11-02 10:53:26 +00:00
Michael Kerrisk ac7a498150 Added some comments 2005-10-31 09:47:01 +00:00
Michael Kerrisk 6a0f26867c Reworked (cut down) discussion of capabilities, moving part of 
it into capabilities.7
 2005-10-28 17:40:41 +00:00
Michael Kerrisk bb40bc01bd Add text to note that setresuid() always modifies the file 
system UID, and setresgid() likewise always modifies the
file system GID.
 2005-10-28 16:57:37 +00:00
Michael Kerrisk ae050d9ae1 Formatting fixes 2005-10-28 13:40:41 +00:00
Michael Kerrisk 4a04cd9a4d Fix typos 2005-10-28 13:32:01 +00:00
Michael Kerrisk 62efe3ef2d Hello Andries, 
Let us return to path_resolution.2...

> Von: Andries Brouwer <Andries.Brouwer@cwi.nl>
> Betreff: Re: ***UNCHECKED*** man-pages-2.11
> Datum: Mon, 24 Oct 2005 20:43:42 +0200
> 
> On Mon, Oct 24, 2005 at 05:27:56PM +0200, Michael Kerrisk wrote:
> 
> > PS I changed some text in path_rolution.2, where it seems to 
> > me that you made an error.  But I could be wrong -- you 
> > might like to double check it?
> 
> Hmm, I think it was precisely correct and no longer is.
> 
> I see some change in wording that does not actually change anything,
> and the addition of "as well" that may be incorrect.

Let's begin with a diff:

=====
--- man-pages-2.10/man2/path_resolution.2       2005-07-18 18:17:52.000000000 +0200
+++ man-pages-2.11/man2/path_resolution.2       2005-10-24 13:18:13.000000000 +0200
@@ -185,11 +185,13 @@

 Traditional systems do not use capabilities and root (user ID 0) is
 all-powerful. Such systems are presently (2.6.7) handled by giving root
-all capabilities except for CAP_SETPCAP. More precisely, at exec time
-a process gets all capabilities except CAP_SETPCAP and the five capabilities
+all capabilities except for CAP_SETPCAP. More precisely,
+a process gets all capabilities except CAP_SETPCAP
+and the five capabilities
 CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID,
-in case it has zero effective UID, and it gets these last five capabilities
-in case it has zero fsuid, while all other processes get no capabilities.
+if its effective UID is 0,
+and it gets these last five capabilities if its fsuid is 0 as well,
+while all other processes get no capabilities.

 The CAP_DAC_OVERRIDE capability overrides all permission checking,
 but will only grant execute permission when at least one
====

The main points of change are the following:

1. Removal of discussion of "exec time".

2. Addition of "as well".

I'll start with point 2.  I'm wrong.  I had it in my mind that 
fsuid could only be made 0 if euid was already 0.  But that isn't
true; setfsuid(x) allows us to turn this (somewhat unusual, but
theoretically possible scenario):

Real Eff Saved FS
0    y   y     y

into this (setfsuid() allows us to set the fsuid to any of the R/E/S 
UID values):

Real Eff Saved FS
0    y   y     0

And indeed the process then has the 5 CAP_FS_MASK capabilities,
in its effective set, but none of the others.

I've removed the words "as well".

On to point 1.

I removed "exec time" because it seems misleading.  As far as I can
tell, exec is not directly relevant, except in as much as we exec
a set-user-ID-root program.  The real point is that effective 
capabilities are dropped as a result of changes to the euid and 
fsuid.  Those can happen because we exec a set-user-ID-root program, 
or via manipulations via seteuid(), setfsuid(), and friends.
As such, that change still seems to me to be correct.  But 
perhaps I have still missed something that you were trying to
say.  If so, let me know.

Cheers,

Michael
 2005-10-27 15:33:25 +00:00
Michael Kerrisk 3582e90689 Reworded text around PAGESIZE, noting also that 
sysconf(_SC_PAGESIZE) can be used.
 2005-10-27 11:14:15 +00:00
Michael Kerrisk ed978af23d Added .\" comment about SHMMNI off-by-one error in kernels 2.4.x-2.6.8. 2005-10-26 11:37:47 +00:00
Michael Kerrisk a749f870a8 s/XXX/FIXME/ 2005-10-26 11:27:52 +00:00
Michael Kerrisk f39637fad6 Minor changes 2005-10-26 11:23:22 +00:00
Michael Kerrisk eb57338fe9 Added (brief) description of SHM_HUGETLB. 2005-10-26 10:31:14 +00:00
Michael Kerrisk 75cad98162 Noted that ss_sp is automatically aligned by the kernel. 2005-10-25 15:35:08 +00:00
Michael Kerrisk b270eba946 Added EINVAL error for rlim_cur > rlim_max when calling setrlimit(). 2005-10-24 15:26:31 +00:00
Michael Kerrisk ab2e1a6c34 Repaired discussion of capabilities and file system UID, which 
mistakenly had involved exec() in the discussion.
 2005-10-24 11:18:13 +00:00
Michael Kerrisk 6060319831 formattinf fixes 2005-10-24 09:00:36 +00:00
Michael Kerrisk 1e32103455 Formatting fixes 2005-10-20 15:11:10 +00:00
Michael Kerrisk f87925c6bf Formatting fixes 2005-10-19 16:30:05 +00:00
Michael Kerrisk 4d52e8f81c Formatting fixes 2005-10-19 14:54:31 +00:00
Michael Kerrisk b5cc2ffbaa Formatting fixes 2005-10-19 14:48:35 +00:00
Michael Kerrisk 4a225b7a41 Formatting fixes 2005-10-19 14:16:57 +00:00
Michael Kerrisk a68b4927bf Minor wording fix 2005-10-19 13:54:51 +00:00
Michael Kerrisk d3777ff056 Formatting fix 2005-10-19 13:51:36 +00:00
Michael Kerrisk 35e21ba7ca Formatting fixes 2005-10-19 13:48:50 +00:00
Michael Kerrisk 7eda86b16c Updated FIXME 2005-10-19 13:31:49 +00:00
Michael Kerrisk 3382bd94ff Manual fixes of parentheses formatting 2005-10-19 08:35:30 +00:00
Michael Kerrisk e1d6264d9f Manual fixes for parentheses formatting 2005-10-19 07:29:28 +00:00
Michael Kerrisk 63aa9df02f Automated unformatting of parentheses using unformat_parens.sh 2005-10-19 07:07:02 +00:00
Michael Kerrisk e511ffb6bc Automated addition of parentheses by add_parens_for_own_funcs.sh 2005-10-19 06:54:38 +00:00
Michael Kerrisk a7a0588842 Further improvements to recently changed leases text 2005-10-13 09:30:54 +00:00
Michael Kerrisk 1a6d974a99 Since kernel 2.6.10, a read lease can only be placed on a 
file descriptor that is opened read-only.
See the following LKML thread of Aug 2005
("fcntl(F GETLEASE) semantics??"):
http://marc.theaimsgroup.com/?l=linux-kernel&m=112371777712197&w=2
http://marc.theaimsgroup.com/?l=linux-kernel&m=112374818213000&w=2
http://marc.theaimsgroup.com/?l=linux-kernel&m=112376335305284&w=2
http://marc.theaimsgroup.com/?l=linux-kernel&m=112377294030092&w=2
 2005-10-12 14:54:00 +00:00
Michael Kerrisk 9f8d688afd Added .\" comment pointing out that O_DIRECTORY | O_CREAT causes 
O_DIRECTORY to be ignored
 2005-10-12 10:35:09 +00:00
Michael Kerrisk 4f76dae069 Added description of MREMAP_FIXED and 'new_address' argument under NOTES. 
Revised text of EINVAL error.
 2005-10-11 08:24:39 +00:00
Michael Kerrisk 94604cf710 EINVAL can happen with O_DIRECT 2005-10-10 13:07:32 +00:00
Michael Kerrisk f717467217 s/int/size_t/ for type of 'size' argument (fix from Fedora man-pages-2.07-7 2005-10-04 12:39:34 +00:00
Michael Kerrisk f8ad0aeb4b Added new text for ENOMEM 2005-09-21 15:47:18 +00:00
Michael Kerrisk 314df009da fix version in .TH 2005-09-21 06:28:33 +00:00
Michael Kerrisk 9eabf77ada fix typo 2005-09-21 06:28:16 +00:00
Michael Kerrisk 614f40af1d Further reorking of RLIMIT_NICE text. 
Noted 2.6.12 change in credentials checking for setpriority().
 2005-09-20 17:45:12 +00:00
Michael Kerrisk cedd678ff7 Further reworking of discussion or RLIMIT_NICE and RLIMIT_RTPRIO 2005-09-20 17:43:58 +00:00
Michael Kerrisk 8ba10b3e91 Added cross-reference to setrlimit(2) for discussion on RLIMIT_NICE. 2005-09-20 17:42:39 +00:00
Michael Kerrisk afdee10dbc Further reworking of text on privileges and RLIMIT_RTPRIO 2005-09-20 14:52:34 +00:00
Michael Kerrisk 6151ea9a91 Noted 2.6.12 off-by-one error for RLIMIT_NICE. 2005-09-20 06:52:49 +00:00
Michael Kerrisk 23b1b9bc40 Uncommented text that I wrote earlier that added mention of RLIMIT_NICE 
and a cross reference to getrlimit.2 under the description of the EACCES 
error.
 2005-09-19 14:57:58 +00:00
Michael Kerrisk a23bf8a396 Uncommented description of RLIMIT_NICE that I wrote earlier 2005-09-19 14:57:05 +00:00
Michael Kerrisk 58d323a7f7 Formatting fix 2005-09-19 12:18:57 +00:00
Michael Kerrisk b327744384 Wording improvements to new dumpable text 2005-09-16 15:36:12 +00:00
Michael Kerrisk c0dc044574 Since kernel 2.6.13 PR_SET_DUMPABLE can also have the value 2. 2005-09-16 14:05:39 +00:00