Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!apple!longway!std-unix
From: bbadger@X102C.harris-atd.com
Newsgroups: comp.std.unix
Subject: Re: Standards Update, IEEE 1003.6: Security Extensions
Message-ID: <418@longway.TIC.COM>
Date: 25 Oct 89 14:41:51 GMT
References: <412@longway.TIC.COM>
Sender: std-unix@longway.TIC.COM
Reply-To:
Organization: Harris GISD, Melbourne, FL
Lines: 38
Approved: jsq@longway.tic.com (Moderator, John S. Quarterman)

From:

In article <412@longway.TIC.COM> you write:
[with sections liberally elided...]

[I've removed more from the quoted message. -mod]

>From: Jeffrey S. Haemer
>...
>IEEE 1003.6: Security Extensions Update
>Ana Maria de Alvare reports on the July
>10-14, 1989 meeting, in San Jose, California:
> 3. PRIVILEGES
>
> The privilege group has defined interfaces for file privileges.
> For example, priv_fstate_t() will return whether privilege for
> the file is required, allowed, or forbidden. A process's
> privilege can be permitted, effective, or inheritable.

Could you explain the meanings of the priv_fstate_t() values?
I'm guessing:

process:
    permitted   -- process may turn on this privilege
    effective   -- process has turned on this privilege
    inheritable -- upon an exec, privilege remains in effect
file (effect when exec occurs):
    required    -- ORs with the permitted and effective
    allowed     -- ORs with the permitted
    forbidden   -- removes inheritable privileges (and (NOT forb))

    p->permitted = (p->inheritable | ip->required | ip->allowed) & ~ip->forbidden
    p->effective = ((p->effective & p->inheritable) | ip->required) & ~ip->forbidden

Is this the intent?
--
----- - - - - - - - ----
Bernard A. Badger Jr.   407/984-6385          |``Get a LIFE!'' -- J.H. Conway
Harris GISD, Melbourne, FL 32902              |Buddy, can you paradigm?
Internet: bbadger%x102c@trantor.harris-atd.com|'s/./&&/g' Tom sed expansively.

Volume-Number: Volume 17, Number 48
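Added example, not part of the original post and not taken from the 1003.6 draft: the two exec-time formulas guessed in the post, written as C bitmask operations and checked exhaustively for two properties a reviewer of such a rule would want (effective never exceeds permitted, and a forbidden privilege never survives exec). The type names, `priv_exec()`, `count_violations()` and the three privilege bits are hypothetical, and carrying the inheritable set across exec unchanged is an assumption, since the post gives no rule for it.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; none of this is a 1003.6 interface. */
typedef uint32_t privset_t;
enum { PRIV_A = 1u << 0, PRIV_B = 1u << 1, PRIV_C = 1u << 2 };

struct proc_priv { privset_t permitted, effective, inheritable; };
struct file_priv { privset_t required, allowed, forbidden; };

/* Exec-time rules as guessed in the post; both results use the pre-exec sets.
 * Note that the pre-exec permitted set is never read by these rules. */
struct proc_priv priv_exec(struct proc_priv p, struct file_priv ip)
{
    struct proc_priv n;
    n.inheritable = p.inheritable; /* assumption: the post gives no rule here */
    n.permitted = (p.inheritable | ip.required | ip.allowed) & ~ip.forbidden;
    n.effective = ((p.effective & p.inheritable) | ip.required) & ~ip.forbidden;
    return n;
}

/* Try every combination of the five input sets over three privilege bits and
 * count results where effective exceeds permitted or a forbidden bit survives. */
unsigned count_violations(void)
{
    unsigned bad = 0;
    for (unsigned v = 0; v < (1u << 15); v++) {
        struct proc_priv p = { 0, v & 7, (v >> 3) & 7 };
        struct file_priv ip = { (v >> 6) & 7, (v >> 9) & 7, (v >> 12) & 7 };
        struct proc_priv n = priv_exec(p, ip);
        if (n.effective & ~n.permitted) bad++;
        if ((n.permitted | n.effective) & ip.forbidden) bad++;
    }
    return bad;
}

int main(void)
{
    /* Constructed case: B is effective but not inheritable; the file
     * requires C, allows B and forbids nothing. */
    struct proc_priv p = { PRIV_A | PRIV_B, PRIV_A | PRIV_B, PRIV_A };
    struct file_priv ip = { PRIV_C, PRIV_B, 0 };
    struct proc_priv n = priv_exec(p, ip);
    printf("permitted=%#x effective=%#x\n",
           (unsigned)n.permitted, (unsigned)n.effective);
    printf("violations=%u\n", count_violations());
    return 0;
}
```

Because the forbidden mask is applied last in both formulas, a privilege that a file marks as both required and forbidden ends up dropped under this reading.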