Standards Update, IEEE 1003.6: Security Extensions
bbadger at X102C.harris-atd.com
bbadger at X102C.harris-atd.com
Thu Oct 26 00:41:51 AEST 1989
From: <bbadger at X102C.harris-atd.com>
In article <412 at longway.TIC.COM> you write:
[with sections liberally elided...]
[I've removed more from the quoted message. -mod]
>From: Jeffrey S. Haemer <jsh at usenix.org>
>...
>IEEE 1003.6: Security Extensions Update
>Ana Maria de Alvare <anamaria at lll-lcc.llnl.gov> reports on the July
>10-14, 1989 meeting, in San Jose, California:
> 3. PRIVILEGES
>
> The privilege group has defined interfaces for file privileges.
> For example, priv_fstate_t() will return whether privilege for
> the file is required, allowed, or forbidden. A process's
> privilege can be permitted, effective, or inheritable.
Could you explain the meanings of the priv_fstate_t() values?
I'm guessing:
process:
permitted -- process may turn on this privilege
effective -- process has turned on this privilege
inheritable -- upon an exec, privilege remains in effect
file (effect when exec occurs):
required -- ORs with the permitted and effective
allowed -- ORs with the permitted
forbidden -- removes inheritable privileges (and (NOT forb))
p->permitted = (p->inheritable | ip->required | ip->allowed) & ~ip->forbidden
p->effective = ((p_effective & p->inheritable) | ip->required) & ~ip->forbidden
Is this the intent?
--
----- - - - - - - - ----
Bernard A. Badger Jr. 407/984-6385 |``Get a LIFE!'' -- J.H. Conway
Harris GISD, Melbourne, FL 32902 |Buddy, can you paradigm?
Internet: bbadger%x102c at trantor.harris-atd.com|'s/./&&/g' Tom sed expansively.
Volume-Number: Volume 17, Number 48
More information about the Comp.std.unix
mailing list