home *** CD-ROM | disk | FTP | other *** search
- From: <bbadger@X102C.harris-atd.com>
-
- In article <412@longway.TIC.COM> you write:
- [with sections liberally elided...]
- [I've removed more from the quoted message. -mod]
- >From: Jeffrey S. Haemer <jsh@usenix.org>
- >...
- >IEEE 1003.6: Security Extensions Update
- >Ana Maria de Alvare <anamaria@lll-lcc.llnl.gov> reports on the July
- >10-14, 1989 meeting, in San Jose, California:
- > 3. PRIVILEGES
- >
- > The privilege group has defined interfaces for file privileges.
- > For example, priv_fstate_t() will return whether privilege for
- > the file is required, allowed, or forbidden. A process's
- > privilege can be permitted, effective, or inheritable.
- Could you explain the meanings of the priv_fstate_t() values?
- I'm guessing:
- process:
- permitted -- process may turn on this privilege
- effective -- process has turned on this privilege
- inheritable -- upon an exec, privilege remains in effect
- file (effect when exec occurs):
- required -- ORs with the permitted and effective
- allowed -- ORs with the permitted
- forbidden -- removes inheritable privileges (and (NOT forb))
-
- p->permitted = (p->inheritable | ip->required | ip->allowed) & ~ip->forbidden
- p->effective = ((p_effective & p->inheritable) | ip->required) & ~ip->forbidden
-
- Is this the intent?
- --
- ----- - - - - - - - ----
- Bernard A. Badger Jr. 407/984-6385 |``Get a LIFE!'' -- J.H. Conway
- Harris GISD, Melbourne, FL 32902 |Buddy, can you paradigm?
- Internet: bbadger%x102c@trantor.harris-atd.com|'s/./&&/g' Tom sed expansively.
-
- Volume-Number: Volume 17, Number 48
-
-
-
