LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity
591 Commits 1 Branch 197 Tags 93 MiB
Commit Graph

591 Commits

Author SHA1 Message Date
Michael Kerrisk dbc05af486 2.13 2005-11-03 13:53:20 +00:00
Michael Kerrisk 9d840658a6 prepare for 2.13 2005-11-03 13:50:10 +00:00
Michael Kerrisk fe209df6b5 Prepare for 2.13 2005-11-03 13:48:26 +00:00
Michael Kerrisk bd12ab88af Formatting fixes 2005-11-03 12:47:27 +00:00
Michael Kerrisk 8478ee0279 Formatting fixes 2005-11-02 13:55:25 +00:00
Michael Kerrisk 836f07c1c3 Change things like "NULL-terminated string" to "null-terminated string" 2005-11-02 11:55:24 +00:00
Michael Kerrisk c02d27b62f space clean-up 2005-11-02 11:44:23 +00:00
Michael Kerrisk 31e9a9ec99 Change itacised function names and page xrefs to bold 2005-11-02 11:34:24 +00:00
Michael Kerrisk e6b40d46c1 Formatting fixes 2005-11-02 11:11:03 +00:00
Michael Kerrisk 8a9648b96f Formatting fixes 2005-11-02 11:10:24 +00:00
Michael Kerrisk 9961bb4f07 Formatting fix 2005-11-02 11:06:40 +00:00
Michael Kerrisk 197889d00b Formatting fixes 2005-11-02 10:53:26 +00:00
Michael Kerrisk 3c5eadeeb4 start of 2.13 2005-10-31 10:12:26 +00:00
Michael Kerrisk 40bab9ee97 start of 2.13 2005-10-31 10:11:28 +00:00
Michael Kerrisk 202a86106b Start of 2.13 2005-10-31 10:10:46 +00:00
Michael Kerrisk aa56540232 2.12 2005-10-31 10:01:45 +00:00
Michael Kerrisk 8ce5e7acff Prepare for 2.12 release 2005-10-31 09:58:33 +00:00
Michael Kerrisk 35fb7de5c5 Added comment 2005-10-31 09:48:53 +00:00
Michael Kerrisk ac7a498150 Added some comments 2005-10-31 09:47:01 +00:00
Michael Kerrisk 66eca51e97 Formatting fixes 2005-10-28 17:48:03 +00:00
Michael Kerrisk 3dfe7e0ddd Reworked part of the discussion of exec() and capabilities. 
Added sub-section "Effect of User ID Changes on Capabilities".
Reworked discussion of CAP_SYS_ADMIN and file-max.
 2005-10-28 17:41:30 +00:00
Michael Kerrisk 6a0f26867c Reworked (cut down) discussion of capabilities, moving part of 
it into capabilities.7
 2005-10-28 17:40:41 +00:00
Michael Kerrisk bb40bc01bd Add text to note that setresuid() always modifies the file 
system UID, and setresgid() likewise always modifies the
file system GID.
 2005-10-28 16:57:37 +00:00
Michael Kerrisk 6e1ffb9817 Formatting fix 2005-10-28 13:43:45 +00:00
Michael Kerrisk ae050d9ae1 Formatting fixes 2005-10-28 13:40:41 +00:00
Michael Kerrisk a94dba21dc Formatting fixes 2005-10-28 13:35:35 +00:00
Michael Kerrisk 4a04cd9a4d Fix typos 2005-10-28 13:32:01 +00:00
Michael Kerrisk bf93c935d1 s/GNU_SOURCE/_GNU_SOURCE/ 2005-10-28 13:27:52 +00:00
Michael Kerrisk 62efe3ef2d Hello Andries, 
Let us return to path_resolution.2...

> Von: Andries Brouwer <Andries.Brouwer@cwi.nl>
> Betreff: Re: ***UNCHECKED*** man-pages-2.11
> Datum: Mon, 24 Oct 2005 20:43:42 +0200
> 
> On Mon, Oct 24, 2005 at 05:27:56PM +0200, Michael Kerrisk wrote:
> 
> > PS I changed some text in path_rolution.2, where it seems to 
> > me that you made an error.  But I could be wrong -- you 
> > might like to double check it?
> 
> Hmm, I think it was precisely correct and no longer is.
> 
> I see some change in wording that does not actually change anything,
> and the addition of "as well" that may be incorrect.

Let's begin with a diff:

=====
--- man-pages-2.10/man2/path_resolution.2       2005-07-18 18:17:52.000000000 +0200
+++ man-pages-2.11/man2/path_resolution.2       2005-10-24 13:18:13.000000000 +0200
@@ -185,11 +185,13 @@

 Traditional systems do not use capabilities and root (user ID 0) is
 all-powerful. Such systems are presently (2.6.7) handled by giving root
-all capabilities except for CAP_SETPCAP. More precisely, at exec time
-a process gets all capabilities except CAP_SETPCAP and the five capabilities
+all capabilities except for CAP_SETPCAP. More precisely,
+a process gets all capabilities except CAP_SETPCAP
+and the five capabilities
 CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID,
-in case it has zero effective UID, and it gets these last five capabilities
-in case it has zero fsuid, while all other processes get no capabilities.
+if its effective UID is 0,
+and it gets these last five capabilities if its fsuid is 0 as well,
+while all other processes get no capabilities.

 The CAP_DAC_OVERRIDE capability overrides all permission checking,
 but will only grant execute permission when at least one
====

The main points of change are the following:

1. Removal of discussion of "exec time".

2. Addition of "as well".

I'll start with point 2.  I'm wrong.  I had it in my mind that 
fsuid could only be made 0 if euid was already 0.  But that isn't
true; setfsuid(x) allows us to turn this (somewhat unusual, but
theoretically possible scenario):

Real Eff Saved FS
0    y   y     y

into this (setfsuid() allows us to set the fsuid to any of the R/E/S 
UID values):

Real Eff Saved FS
0    y   y     0

And indeed the process then has the 5 CAP_FS_MASK capabilities,
in its effective set, but none of the others.

I've removed the words "as well".

On to point 1.

I removed "exec time" because it seems misleading.  As far as I can
tell, exec is not directly relevant, except in as much as we exec
a set-user-ID-root program.  The real point is that effective 
capabilities are dropped as a result of changes to the euid and 
fsuid.  Those can happen because we exec a set-user-ID-root program, 
or via manipulations via seteuid(), setfsuid(), and friends.
As such, that change still seems to me to be correct.  But 
perhaps I have still missed something that you were trying to
say.  If so, let me know.

Cheers,

Michael
 2005-10-27 15:33:25 +00:00
Michael Kerrisk 3582e90689 Reworded text around PAGESIZE, noting also that 
sysconf(_SC_PAGESIZE) can be used.
 2005-10-27 11:14:15 +00:00
Michael Kerrisk d1a6e6ff04 Change <netinet/in.h> to <arpa/inet.h> in prototype; add text 
explaining that some systems need the former header.
As per Debian bug 265244
 2005-10-27 09:58:45 +00:00
Michael Kerrisk 56eec1b645 Misc changes 2005-10-27 08:15:23 +00:00
Michael Kerrisk ed978af23d Added .\" comment about SHMMNI off-by-one error in kernels 2.4.x-2.6.8. 2005-10-26 11:37:47 +00:00
Michael Kerrisk a749f870a8 s/XXX/FIXME/ 2005-10-26 11:27:52 +00:00
Michael Kerrisk f39637fad6 Minor changes 2005-10-26 11:23:22 +00:00
Michael Kerrisk eb57338fe9 Added (brief) description of SHM_HUGETLB. 2005-10-26 10:31:14 +00:00
Michael Kerrisk 75cad98162 Noted that ss_sp is automatically aligned by the kernel. 2005-10-25 15:35:08 +00:00
Michael Kerrisk feb41987c0 Start of 2.12 2005-10-24 16:33:34 +00:00
Michael Kerrisk 773df4c9c5 Start of 2.12 2005-10-24 16:32:49 +00:00
Michael Kerrisk 661cacfd6c Prepare for 2.11 2005-10-24 15:36:48 +00:00
Michael Kerrisk 4c312a693c Prepare for 2.11 2005-10-24 15:35:28 +00:00
Michael Kerrisk b270eba946 Added EINVAL error for rlim_cur > rlim_max when calling setrlimit(). 2005-10-24 15:26:31 +00:00
Michael Kerrisk 8e33676f52 Formatting fixes 2005-10-24 13:01:46 +00:00
Michael Kerrisk 9bc4f5f8d9 Minor changes 2005-10-24 11:22:35 +00:00
Michael Kerrisk ab2e1a6c34 Repaired discussion of capabilities and file system UID, which 
mistakenly had involved exec() in the discussion.
 2005-10-24 11:18:13 +00:00
Michael Kerrisk 62f38a5fa6 Formatting fixes 2005-10-24 09:14:25 +00:00
Michael Kerrisk c6f82ebc77 Formatting fixes 2005-10-24 09:05:27 +00:00
Michael Kerrisk 6060319831 formattinf fixes 2005-10-24 09:00:36 +00:00
Michael Kerrisk e4bd7c17b9 Formatting fixes 2005-10-24 08:55:52 +00:00
Michael Kerrisk 1e32103455 Formatting fixes 2005-10-20 15:11:10 +00:00