Re: file effective and process inheritable mask

Albert D. Cahalan (acahalan@cs.uml.edu)
Sun, 25 Apr 1999 03:17:02 -0400 (EDT)


Y2K writes:
> On Sat, 24 Apr 1999, Albert D. Cahalan wrote:

>>> Yes I want to strengthen the formula not weaken it.
>>> pP'= (fP & x) | (fI & pI & pP)
>>> for proper files x can be ~0 otherwise 0.
>>
>> Your pP' fits into my equation as d_pP. (but it is broken)
>
> You think it is broken because I think pI and fI should be strictly a
> limiting factor; they should never cause a child process to gain caps the
> parent never had.

The parent _does_ have them, in pI.

>> Notice that my equation is _not_ the pP equation from the draft.
>> The draft produces d_pP, and o_pP is something lenient.
>> They are combined using a configurable mask.
>
> I don't want lenient,

Any useful system allows a full range of behavior, from lenient to strict.
The system I proposed would calculate both lenient and strict values,
grant the strict values, and then add a configurable set of bits from
the lenient values.

> I want more strictness on how caps are gained
> i.e. through fP *only*.

That is _less_ secure, because damn near everything needs to have bits
set in fP.

The other proposal (mark the parent, so that bits are dropped from pI)
is much easier to use and more compatible.

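Added example, not part of the original message or of any kernel code: the formula quoted in the thread evaluated for the disputed case (a capability held in pI but not in pP), followed by the "grant strict, then add masked lenient bits" combination described in the reply. The bit names, the struct, the function names and the sample values are constructed; the variant without the pP term is an assumption used only for contrast, and the lenient value is passed in by the caller because the message does not define it.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t capset;

/* Constructed capability bits, for illustration only. */
#define EX_CAP_A (1u << 0)
#define EX_CAP_B (1u << 1)

struct caps { capset pP, pI, fP, fI; };

/* Formula quoted in the thread: pP' = (fP & x) | (fI & pI & pP). */
static capset quoted_pP(struct caps c, capset x)
{
    return (c.fP & x) | (c.fI & c.pI & c.pP);
}

/* Assumption for contrast: the same formula without the pP term,
 * so a bit held only in pI can become permitted when fI allows it. */
static capset inheritable_pP(struct caps c, capset x)
{
    return (c.fP & x) | (c.fI & c.pI);
}

/* Combination described in the reply: grant the strict value, then add
 * the bits of the lenient value selected by a configurable mask. */
static capset combine(capset strict, capset lenient, capset mask)
{
    return strict | (lenient & mask);
}

/* Constructed case: EX_CAP_A is inheritable (pI) but not permitted (pP),
 * and the file lists it in fI but not in fP. */
static struct caps example_caps(void)
{
    struct caps c = { .pP = 0, .pI = EX_CAP_A, .fP = 0, .fI = EX_CAP_A };
    return c;
}

int main(void)
{
    struct caps c = example_caps();
    capset strict = quoted_pP(c, ~0u);
    capset lenient = inheritable_pP(c, ~0u);
    printf("quoted formula:        %#x\n", (unsigned)strict);
    printf("without the pP term:   %#x\n", (unsigned)lenient);
    printf("combined, mask=CAP_A:  %#x\n", (unsigned)combine(strict, lenient, EX_CAP_A));
    printf("combined, mask=0:      %#x\n", (unsigned)combine(strict, lenient, 0));
    return 0;
}
```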