[Rpm-maint] ACL and File Capability Support in RPM

Andrew G. Morgan morgan at kernel.org
Thu Oct 30 18:42:15 UTC 2008


Panu Matilainen wrote:
> On Thu, 30 Oct 2008, Andrew G. Morgan wrote:
>> Panu,
>>
>> The following change looks a little problematic:
>>
>> http://rpm.org/gitweb?p=rpm.git;a=blobdiff;f=lib/verify.c;h=69fcd162a02fbb43ade1b6635e2f651ff43a9e8e;hp=4658ce99367b6820772554ca90887bf2a3ab026e;hb=db1f9af5e2a4443e64ce10112a9553204bab7f4e;hpb=97ab15cc9eadc1aab563b87a0c92d559cd9e9a41
>>
>>
>> Specifically, cap_size() refers only to the cap_copy_ext() size of the
>> capability set and not the sizeof(*cap_t), so the memory comparison:
>>
>>   memcmp(cap, fcap, cap_size(cap))
>>
>> is not reliably comparing the capability sets - at best this comparison
>> is fragile.
> 
> Oops... thanks for pointing this out.
> 
> So assuming I can't rely on cap_compare() always being there (it being
> a Linux-specific extension and even then only in very recent libcap),
> would the following be a reasonable fallback: If cap_size() of both sets
> are equal, grab external presentation of both and memcmp() them?

Yes, that would work - if their size is different they don't match ;-)

Cheers

Andrew
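
The fallback agreed in this thread, as an added example that is not part of the original messages or of rpm's code. `struct toy_cap` and the `toy_*` functions are a constructed stand-in for libcap's `cap_t`, `cap_size()` and `cap_copy_ext()` (not libcap's real layout), so the block runs without libcap and shows both ways the raw `memcmp()` goes wrong.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an opaque capability handle; NOT libcap's layout. */
struct toy_cap {
    uint32_t owner_tag;   /* bookkeeping, not part of the capability set */
    uint32_t permitted, inheritable, effective;
};

/* Like cap_size(): bytes needed for the external form (three words). */
static size_t toy_size(const struct toy_cap *c) { (void)c; return 12; }

/* Like cap_copy_ext(): serialize only the sets; returns bytes written or -1. */
static long toy_copy_ext(void *buf, const struct toy_cap *c, size_t len) {
    uint32_t w[3] = { c->permitted, c->inheritable, c->effective };
    if (len < sizeof w) return -1;
    memcpy(buf, w, sizeof w);
    return (long)sizeof w;
}

/* Fragile pattern from the thread: memcmp of the handles over the external size. */
static int fragile_equal(const struct toy_cap *a, const struct toy_cap *b) {
    return memcmp(a, b, toy_size(a)) == 0;
}

/* Fallback from the thread: 1 = equal, 0 = different, -1 = error. */
static int ext_equal(const struct toy_cap *a, const struct toy_cap *b) {
    size_t sa = toy_size(a), sb = toy_size(b);
    if (sa != sb) return 0;          /* different sizes cannot match */
    unsigned char *ea = malloc(sa), *eb = malloc(sb);
    int rc = -1;
    if (ea && eb && toy_copy_ext(ea, a, sa) == (long)sa
                 && toy_copy_ext(eb, b, sb) == (long)sb)
        rc = memcmp(ea, eb, sa) == 0;
    free(ea);
    free(eb);
    return rc;
}

int main(void) {
    /* Constructed sample sets: b equals a except for the tag; c drops one effective bit. */
    struct toy_cap a = {1, 0x3, 0, 0x3}, b = {2, 0x3, 0, 0x3}, c = {1, 0x3, 0, 0x1};
    printf("a vs b (same sets): fragile=%d ext=%d\n", fragile_equal(&a, &b), ext_equal(&a, &b));
    printf("a vs c (differ):    fragile=%d ext=%d\n", fragile_equal(&a, &c), ext_equal(&a, &c));
    return 0;
}
```

With real libcap the same shape applies using `cap_size()` and `cap_copy_ext()` on each `cap_t`, checking both return values before the `memcmp()`.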

