Serge E. Hallyn wrote:
>> This is not intended behavior. It should be fixed (aka such support
>> removed). Capabilities should only be available on executable files -
>> not directories, symlinks or anything else...
>
> So do you plan on returning an error when libcap is asked to put file
> capabilities on a directory, or were you saying you think it should be
> fixed in the kernel?

I'll take a look at putting this check into libcap.

My initial impression was that it should be fixed in the kernel.
However, your comment got me thinking...

Back in the good-olde-days, the filesystem capability support (i.e., my
long abandoned patches

  http://www.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.4-fcap/

) was all through the sys_capset/sys_capget function calls which
leveraged the 'odd' calling convention of these calls to figure out
whether the target was a file or a process. Amusingly, the last version
of the patch (circa 2001) even contained the following comment:

+ /*
+ * XXX - Here, we should probably verify that the file
+ * is regular executable - not a directory or link.
+ */

The point being that all of the smarts back then were in the kernel.

> If the latter I half-heartedly disagree - the capabilities are just
> xattrs. We can have the capability module do a check, but of course a
> non-capability kernel won't have those checks anyway.

Since at least half of these smarts are now in libcap it's not
unreasonable to address this in libcap.

Cheers

Andrew
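
The check discussed in this thread, sketched as an added example (not code from libcap, the kernel, or either author): a hypothetical helper, `open_regular_for_caps`, that hands back a file descriptor only for a regular executable file, so directories and symlinks are refused before any capability xattr is written. The helper name, the errno values chosen, and the Linux `ELOOP` behaviour of `O_NOFOLLOW` are assumptions of this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not libcap API): return an fd for `path` only if it
 * is a regular file with an execute bit set; otherwise -1 with errno set.
 * A caller would then hand the fd to an fd-based setter such as libcap's
 * cap_set_fd(), so the object checked is the object that gets the xattr. */
int open_regular_for_caps(const char *path)
{
    /* O_NOFOLLOW: a symlink as the final component fails with ELOOP.
     * O_NONBLOCK: do not hang in open() if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    int err = 0;
    if (fstat(fd, &st) != 0)
        err = errno;
    else if (S_ISDIR(st.st_mode))
        err = EISDIR;
    else if (!S_ISREG(st.st_mode))
        err = EINVAL;                 /* device, FIFO, socket, ... */
    else if (!(st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        err = EACCES;                 /* regular, but not executable */

    if (err) {
        close(fd);
        errno = err;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int fd = open_regular_for_caps(argv[i]);
        printf("%s: %s\n", argv[i], fd >= 0 ? "ok" : strerror(errno));
        if (fd >= 0) close(fd);
    }
    return 0;
}
```

Checking the type with `fstat` on the already-open descriptor, rather than `lstat` on the path, avoids a window in which the path could be swapped between the check and the xattr write.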