From: serge@hallyn.com (Serge E. Hallyn)
To: linux-security-module@vger.kernel.org
Subject: [PATCH V3 07/10] capabilities: remove a layer of conditional logic
Date: Fri, 25 Aug 2017 13:53:21 -0500 [thread overview]
Message-ID: <20170825185320.GC26620@mail.hallyn.com> (raw)
In-Reply-To: <CALCETrXoY_DAMAdcFcOY67SnyW3RaMn=Qa_wFnt0iYNRt1HTHQ@mail.gmail.com>
Quoting Andy Lutomirski (luto at kernel.org):
> On Wed, Aug 23, 2017 at 3:12 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> > Remove a layer of conditional logic to make the use of conditions
> > easier to read and analyse.
> >
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > ---
> > security/commoncap.c | 13 ++++++-------
> > 1 files changed, 6 insertions(+), 7 deletions(-)
> >
> > diff --git a/security/commoncap.c b/security/commoncap.c
> > index 5d81354..ffcaff0 100644
> > --- a/security/commoncap.c
> > +++ b/security/commoncap.c
> > @@ -551,13 +551,12 @@ static inline bool nonroot_raised_pE(struct cred *cred, kuid_t root)
> > {
> > bool ret = false;
> >
> > - if (cap_grew(effective, ambient, cred)) {
> > - if (!cap_full(effective, cred) ||
> > - !is_eff(root, cred) || !is_real(root, cred) ||
> > - !root_privileged()) {
> > - ret = true;
> > - }
> > - }
> > + if (cap_grew(effective, ambient, cred) &&
> > + (!cap_full(effective, cred) ||
> > + !is_eff(root, cred) ||
> > + !is_real(root, cred) ||
> > + !root_privileged()))
> > + ret = true;
>
> I'm trying to give this whole series the benefit of the doubt. Here's
> what happens when I try to read this:
>
> Did effective grow ambient caps? No, makes no sense. Did ambient
> grow effective caps? No, not that either. Is effective more fully
> grown than ambient? That's probably it, but that sounds really weird.
.. True, that reads weird when you look at it that way. Maybe we
can do better with the arguments passed to those new helpers.
> The rest would IMO be clearer if you named the helpers ruid_eq and
> euid_eq instead of is_eff and is_real.
>
> > return ret;
> > }
> >
> > --
> > 1.7.1
> >
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Andy Lutomirski <luto@kernel.org>
Cc: Richard Guy Briggs <rgb@redhat.com>,
LSM List <linux-security-module@vger.kernel.org>,
linux-audit@redhat.com,
"Serge E. Hallyn" <serge.hallyn@ubuntu.com>,
Kees Cook <keescook@chromium.org>,
James Morris <james.l.morris@oracle.com>,
Eric Paris <eparis@redhat.com>, Paul Moore <pmoore@redhat.com>,
Steve Grubb <sgrubb@redhat.com>
Subject: Re: [PATCH V3 07/10] capabilities: remove a layer of conditional logic
Date: Fri, 25 Aug 2017 13:53:21 -0500 [thread overview]
Message-ID: <20170825185320.GC26620@mail.hallyn.com> (raw)
In-Reply-To: <CALCETrXoY_DAMAdcFcOY67SnyW3RaMn=Qa_wFnt0iYNRt1HTHQ@mail.gmail.com>
Quoting Andy Lutomirski (luto@kernel.org):
> On Wed, Aug 23, 2017 at 3:12 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> > Remove a layer of conditional logic to make the use of conditions
> > easier to read and analyse.
> >
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > ---
> > security/commoncap.c | 13 ++++++-------
> > 1 files changed, 6 insertions(+), 7 deletions(-)
> >
> > diff --git a/security/commoncap.c b/security/commoncap.c
> > index 5d81354..ffcaff0 100644
> > --- a/security/commoncap.c
> > +++ b/security/commoncap.c
> > @@ -551,13 +551,12 @@ static inline bool nonroot_raised_pE(struct cred *cred, kuid_t root)
> > {
> > bool ret = false;
> >
> > - if (cap_grew(effective, ambient, cred)) {
> > - if (!cap_full(effective, cred) ||
> > - !is_eff(root, cred) || !is_real(root, cred) ||
> > - !root_privileged()) {
> > - ret = true;
> > - }
> > - }
> > + if (cap_grew(effective, ambient, cred) &&
> > + (!cap_full(effective, cred) ||
> > + !is_eff(root, cred) ||
> > + !is_real(root, cred) ||
> > + !root_privileged()))
> > + ret = true;
>
> I'm trying to give this whole series the benefit of the doubt. Here's
> what happens when I try to read this:
>
> Did effective grow ambient caps? No, makes no sense. Did ambient
> grow effective caps? No, not that either. Is effective more fully
> grown than ambient? That's probably it, but that sounds really weird.
.. True, that reads weird when you look at it that way. Maybe we
can do better with the arguments passed to those new helpers.
> The rest would IMO be clearer if you named the helpers ruid_eq and
> euid_eq instead of is_eff and is_real.
>
> > return ret;
> > }
> >
> > --
> > 1.7.1
> >
next prev parent reply other threads:[~2017-08-25 18:53 UTC|newest]
Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-23 10:12 [PATCH V3 00/10] capabilities: do not audit log BPRM_FCAPS on set*id Richard Guy Briggs
2017-08-23 10:12 ` Richard Guy Briggs
2017-08-23 10:12 ` [PATCH V3 01/10] capabilities: factor out cap_bprm_set_creds privileged root Richard Guy Briggs
2017-08-23 10:12 ` Richard Guy Briggs
2017-08-24 15:42 ` Serge E. Hallyn
2017-08-24 15:42 ` Serge E. Hallyn
2017-08-25 5:55 ` James Morris
2017-08-25 5:55 ` James Morris
2017-08-25 10:49 ` Richard Guy Briggs
2017-08-25 10:49 ` Richard Guy Briggs
2017-08-23 10:12 ` [PATCH V3 02/10] capabilities: intuitive names for cap gain status Richard Guy Briggs
2017-08-23 10:12 ` Richard Guy Briggs
2017-08-24 16:03 ` Serge E. Hallyn
2017-08-24 16:03 ` Serge E. Hallyn
2017-08-24 16:19 ` Richard Guy Briggs
2017-08-24 16:19 ` Richard Guy Briggs
2017-08-24 16:37 ` Serge E. Hallyn
2017-08-24 16:37 ` Serge E. Hallyn
2017-08-24 19:06 ` Kees Cook
2017-08-24 19:06 ` Kees Cook
2017-08-24 21:17 ` Paul Moore
2017-08-24 21:17 ` Paul Moore
2017-08-28 9:19 ` Richard Guy Briggs
2017-08-28 9:19 ` Richard Guy Briggs
2017-08-28 11:08 ` Richard Guy Briggs
2017-08-28 11:08 ` Richard Guy Briggs
2017-09-01 10:18 ` Richard Guy Briggs
2017-09-01 10:18 ` Richard Guy Briggs
2017-09-02 5:37 ` Serge E. Hallyn
2017-09-02 5:37 ` Serge E. Hallyn
2017-09-04 6:57 ` Richard Guy Briggs
2017-09-04 6:57 ` Richard Guy Briggs
2017-09-05 6:45 ` Richard Guy Briggs
2017-09-05 6:45 ` Richard Guy Briggs
2017-08-25 5:56 ` James Morris
2017-08-25 5:56 ` James Morris
2017-08-25 15:08 ` Andy Lutomirski
2017-08-25 15:08 ` Andy Lutomirski
2017-08-25 18:47 ` Serge E. Hallyn
2017-08-25 18:47 ` Serge E. Hallyn
2017-08-23 10:12 ` [PATCH V3 03/10] capabilities: rename has_cap to has_fcap Richard Guy Briggs
2017-08-23 10:12 ` Richard Guy Briggs
2017-08-24 16:10 ` Serge E. Hallyn
2017-08-24 16:10 ` Serge E. Hallyn
2017-08-25 5:56 ` James Morris
2017-08-25 5:56 ` James Morris
2017-08-23 10:12 ` [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic Richard Guy Briggs
2017-08-23 10:12 ` Richard Guy Briggs
2017-08-24 16:14 ` Serge E. Hallyn
2017-08-24 16:14 ` Serge E. Hallyn
2017-08-25 5:58 ` James Morris
2017-08-25 5:58 ` James Morris
2017-08-28 12:03 ` Richard Guy Briggs
2017-08-28 12:03 ` Richard Guy Briggs
2017-08-31 14:49 ` Serge E. Hallyn
2017-08-31 14:49 ` Serge E. Hallyn
2017-08-23 10:12 ` [PATCH V3 05/10] capabilities: use intuitive names for id changes Richard Guy Briggs
2017-08-23 10:12 ` Richard Guy Briggs
2017-08-24 16:17 ` Serge E. Hallyn
2017-08-24 16:17 ` Serge E. Hallyn
2017-08-25 5:59 ` James Morris
2017-08-25 5:59 ` James Morris
2017-08-25 15:06 ` Andy Lutomirski
2017-08-25 15:06 ` Andy Lutomirski
2017-08-25 18:51 ` Serge E. Hallyn
2017-08-25 18:51 ` Serge E. Hallyn
2017-08-25 19:45 ` Andy Lutomirski
2017-08-25 19:45 ` Andy Lutomirski
2017-08-25 20:06 ` Serge E. Hallyn
2017-08-25 20:06 ` Serge E. Hallyn
2017-08-28 1:32 ` James Morris
2017-08-28 1:32 ` James Morris
2017-08-28 9:12 ` Richard Guy Briggs
2017-08-28 9:12 ` Richard Guy Briggs
2017-08-28 20:12 ` Andy Lutomirski
2017-08-28 20:12 ` Andy Lutomirski
2017-08-23 10:12 ` [PATCH V3 06/10] capabilities: move audit log decision to function Richard Guy Briggs
2017-08-23 10:12 ` Richard Guy Briggs
2017-08-24 16:18 ` Serge E. Hallyn
2017-08-24 16:18 ` Serge E. Hallyn
2017-08-25 6:01 ` James Morris
2017-08-25 6:01 ` James Morris
2017-08-23 10:12 ` [PATCH V3 07/10] capabilities: remove a layer of conditional logic Richard Guy Briggs
2017-08-23 10:12 ` Richard Guy Briggs
2017-08-24 16:20 ` Serge E. Hallyn
2017-08-24 16:20 ` Serge E. Hallyn
2017-08-25 5:47 ` James Morris
2017-08-25 5:47 ` James Morris
2017-08-25 15:11 ` Andy Lutomirski
2017-08-25 15:11 ` Andy Lutomirski
2017-08-25 18:53 ` Serge E. Hallyn [this message]
2017-08-25 18:53 ` Serge E. Hallyn
2017-08-23 10:12 ` [PATCH V3 08/10] capabilities: invert logic for clarity Richard Guy Briggs
2017-08-23 10:12 ` Richard Guy Briggs
2017-08-24 16:23 ` Serge E. Hallyn
2017-08-24 16:23 ` Serge E. Hallyn
2017-08-25 5:47 ` James Morris
2017-08-25 5:47 ` James Morris
2017-08-23 10:13 ` [PATCH V3 09/10] capabilities: fix logic for effective root or real root Richard Guy Briggs
2017-08-23 10:13 ` Richard Guy Briggs
2017-08-24 16:29 ` Serge E. Hallyn
2017-08-24 16:29 ` Serge E. Hallyn
2017-08-24 16:44 ` Richard Guy Briggs
2017-08-24 16:44 ` Richard Guy Briggs
2017-08-24 16:47 ` Serge E. Hallyn
2017-08-24 16:47 ` Serge E. Hallyn
2017-08-25 5:48 ` James Morris
2017-08-25 5:48 ` James Morris
2017-08-23 10:13 ` [PATCH V3 10/10] capabilities: audit log other surprising conditions Richard Guy Briggs
2017-08-23 10:13 ` Richard Guy Briggs
2017-08-24 16:35 ` Serge E. Hallyn
2017-08-24 16:35 ` Serge E. Hallyn
2017-08-25 5:50 ` James Morris
2017-08-25 5:50 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170825185320.GC26620@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.