[Rpm-maint] ACL and File Capability Support in RPM

Andrew G. Morgan morgan at kernel.org
Thu Oct 30 15:58:45 UTC 2008


Panu,

The following change looks a little problematic:

http://rpm.org/gitweb?p=rpm.git;a=blobdiff;f=lib/verify.c;h=69fcd162a02fbb43ade1b6635e2f651ff43a9e8e;hp=4658ce99367b6820772554ca90887bf2a3ab026e;hb=db1f9af5e2a4443e64ce10112a9553204bab7f4e;hpb=97ab15cc9eadc1aab563b87a0c92d559cd9e9a41

Specifically, cap_size() refers only to the cap_copy_ext() size of the
capability set and not the sizeof(*cap_t), so the memory comparison:

   memcmp(cap, fcap, cap_size(cap))

is not reliably comparing the capability sets - at best this comparison
is fragile.

Cheers

Andrew

Panu Matilainen wrote:
> On Mon, 27 Oct 2008, Panu Matilainen wrote:
>> I added the initial bits to rpm.org HEAD yesterday, essentially
>> Andreas' patch except using libcap instead of looking at file xattr
>> info. I intend to implement + add the rest fairly soon.
> 
> ...and the rest is committed to rpm.org HEAD now. Might be missing some
> corner cases and odd bits but the basics work:
> - spec filelist now accepts %caps(<capabilities>) and stores in headers
> - install/upgrade set capabilities on filesystem
> - verification is updated to match with the above
> 
>     - Panu -
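
Added example, not code from the mail above nor from rpm or libcap: a self-contained C model of the comparison problem the mail describes, showing both ways it can go wrong. `struct model_cap`, `MODEL_EXT_SIZE` and `model_copy_ext()` are constructed stand-ins (assumptions) for libcap's opaque `cap_t`, `cap_size()` and `cap_copy_ext()`; the layout is invented for illustration and is not libcap's.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an opaque capability handle. NOT libcap's layout. */
struct model_cap {
    uint32_t version;    /* internal bookkeeping, not part of the set */
    uint32_t refs;       /* internal bookkeeping, may differ between equal sets */
    uint32_t set[3][2];  /* effective, permitted, inheritable: 64 bits each */
};

#define MODEL_EXT_SIZE 28u  /* 4-byte magic + 6 words; plays the role of cap_size() */

/* Plays the role of cap_copy_ext(): portable external form of the set only. */
static void model_copy_ext(uint8_t out[MODEL_EXT_SIZE], const struct model_cap *c)
{
    size_t n = 4;
    memcpy(out, "MCAP", 4);
    for (int s = 0; s < 3; s++)
        for (int w = 0; w < 2; w++)
            for (int b = 0; b < 4; b++)
                out[n++] = (uint8_t)(c->set[s][w] >> (8 * b));
}

/* The pattern from the mail: in-memory object compared over the external size. */
int fragile_equal(const struct model_cap *a, const struct model_cap *b)
{
    return memcmp(a, b, MODEL_EXT_SIZE) == 0;
}

/* Compare the external forms, so only the capability bits decide the result. */
int robust_equal(const struct model_cap *a, const struct model_cap *b)
{
    uint8_t ea[MODEL_EXT_SIZE], eb[MODEL_EXT_SIZE];
    model_copy_ext(ea, a);
    model_copy_ext(eb, b);
    return memcmp(ea, eb, sizeof ea) == 0;
}

int main(void)
{
    struct model_cap a = { 1, 1, { {0x400, 0}, {0x400, 0}, {0, 0} } };
    struct model_cap same = a, differs = a;
    same.refs = 2;             /* same set, different bookkeeping */
    differs.set[2][1] = 0x1;   /* different set, change lies past byte 28 */
    printf("same set:      fragile=%d robust=%d\n", fragile_equal(&a, &same), robust_equal(&a, &same));
    printf("different set: fragile=%d robust=%d\n", fragile_equal(&a, &differs), robust_equal(&a, &differs));
    return 0;
}
```

With real libcap objects, the library's own `cap_compare()` compares two capability sets without depending on their in-memory layout.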

