[Rpm-maint] ACL and File Capability Support in RPM
Panu Matilainen
pmatilai at laiskiainen.org
Thu Oct 30 17:18:49 UTC 2008
On Thu, 30 Oct 2008, Andrew G. Morgan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Panu,
>
> The following change looks a little problematic:
>
> http://rpm.org/gitweb?p=rpm.git;a=blobdiff;f=lib/verify.c;h=69fcd162a02fbb43ade1b6635e2f651ff43a9e8e;hp=4658ce99367b6820772554ca90887bf2a3ab026e;hb=db1f9af5e2a4443e64ce10112a9553204bab7f4e;hpb=97ab15cc9eadc1aab563b87a0c92d559cd9e9a41
>
> Specifically, cap_size() refers only to the cap_copy_ext() size of the
> capability set and not the sizeof(*cap_t), so the memory comparison:
>
> memcmp(cap, fcap, cap_size(cap)
>
> is not reliably comparing the capability sets - at best this comparison
> is fragile.
Oops... thanks for pointing this out.
So assuming I can't rely on cap_compare() always being there (it being
Linux-specific extension and even then only in very recent libcap), would
the following be a reasonable fallback: If cap_size() of both sets are
equal, grab external presentation of both and memcmp() them?
- Panu -
More information about the Rpm-maint
mailing list