>On Fri, 2009-07-03 at 05:45 -0700, Casper Dik wrote:
>> This project proposes two new "basic" privileges.
>> 
>> FILE_READ
>>         Allows a process to read a file or directory whose
>>         permission or ACL allow the process read permission.
>> 
>> FILE_WRITE
>>         Allows a process to write a file or directory whose
>>         permission or ACL allow the process write permission.
>
>I have no problem with these new privileges, but do have one question
>regarding the semantics of adding them to the basic set.  How will this
>affect processes that may be specifying individual privileges in the
>"basic" set by enumeration rather than specifying "basic" itself in the
>various APIs?  Will they cease to be able to read and write files?  Do
>such applications exist?

When you define a "set of privileges", you must start with the basic set.
This is how the basic set is defined.  The basic set is extensible.

Perhaps we need to force that in SMF and in user_attr.  Within Solaris, I 
found only one manifest which listed needed privileges but it has recently 
been fixed.

The private interfaces __init_daemon_priv and __init_suid_priv will
always add the basic set.

The only time when we actually set a limit set to {empty} is by setting
the limit set but we only do that when we do not expect any execve calls.

Casper
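As an added illustration (not part of the thread), this is how the distinction plays out in an SMF manifest method_credential: an enumerated list freezes the privilege set at whatever the basic set contained when the manifest was written, so it would silently miss file_read and file_write, whereas starting from "basic" and adding or removing individual privileges picks up new basic privileges automatically. The user, group and privilege names other than file_read/file_write are illustrative assumptions.

```xml
<!-- Fragile: spells out the members of today's basic set by hand.
     When file_read and file_write are added to the basic set, this
     process will not receive them and will be unable to read or
     write files, even though it was never meant to lose that ability. -->
<method_context>
  <method_credential user='daemon' group='daemon'
    privileges='file_link_any,proc_exec,proc_fork,proc_info,proc_session,net_privaddr'/>
</method_context>

<!-- Preferred: start from the extensible basic set, then subtract (!)
     or add individual privileges.  New basic privileges such as
     file_read and file_write arrive with "basic" without editing this. -->
<method_context>
  <method_credential user='daemon' group='daemon'
    privileges='basic,!proc_info,!proc_session,!file_link_any,net_privaddr'/>
</method_context>
```

The same rule applies to the defaultpriv and limitpriv keywords in user_attr: write defaultpriv=basic,... rather than listing the members of basic.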

