Re: Credentials and Capabilities Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Also sprach rhys tucker:
} You need to look at capable() in sched.h
} 
} 704 static inline int capable(int cap)
} 705 {
} 706 #if 1 /* ok now */
} 707         if (cap_raised(current->cap_effective, cap))
} 708 #else
} 709         if (cap_is_fs_cap(cap) ? current->fsuid == 0 : current->euid
} == 0)
} 710 #endif
} 711         {
} 712                 current->flags |= PF_SUPERPRIV;
} 713                 return 1;
} 714         }
} 715         return 0;
} 716 }
} 
} You obviously don't understand this or *you* wouldn't have asked in the
} first place. I'll try to help out by pointing out what *I* understand.
} 
} 706: I'm really not sure what #if 1 means. if preprocessor commands are
} usually in the form "if defined something". I'll come back to this.

#if 1 simply means that the "then" part of the if-then-else statement
will be used. It has the same effect as if (1) do_this(); else do_that();
does in C (the do_this() will always be called). Doing a #if 0 will
"comment" out a whole section of code which you don't want executed at
that time.

} 709: This is the normal suid/fsuid behaviour. If suid (or fsuid for
} filesystem operations) is NULL, all capabilities tests are passed. 

709 is never executed, though...in fact, it'll never appear in the
compiled binary.

-- 
|| Bill Wendling			wendling@ganymede.isdn.uiuc.edu
-
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
IRC Channel:   irc.openprojects.net / #kernelnewbies
Web Page:      http://www.kernelnewbies.org/


[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux