All of lore.kernel.org
 help / color / mirror / Atom feed
* ld.so(8) need clarification
@ 2017-10-10 13:48 Yubin Ruan
       [not found] ` <CAJYFCiOX0rt6sRioUqQei2dyz_F9+43DbQub3Ru5GLSS_efqAQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
  0 siblings, 1 reply; 4+ messages in thread
From: Yubin Ruan @ 2017-10-10 13:48 UTC (permalink / raw)
  To: linux-man

Hi,
In ld.so(8), when explaining whether a process is in the so-called
"secure execution mode", there are three circumstances:

   *  The process's real and effective user IDs differ, or the real and
      effective group IDs differ.  This typically occurs as a result of
      executing a set-user-ID or set-group-ID program.

   *  A process with a non-root user ID executed a binary that conferred
      permitted or effective capabilities.

   *  A nonzero value may have been set by a Linux Security Module.

I am confused with the second circumstance. What does it mean by
"confer permitted or effective capabilities"?

Yubin
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: ld.so(8) need clarification
       [not found] ` <CAJYFCiOX0rt6sRioUqQei2dyz_F9+43DbQub3Ru5GLSS_efqAQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2017-10-10 16:58   ` Michael Kerrisk (man-pages)
       [not found]     ` <CAKgNAkgAvX_V59JpjT48Lgtiqco4a8p0myZfjBV7z-jOp5K8tg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Kerrisk (man-pages) @ 2017-10-10 16:58 UTC (permalink / raw)
  To: Yubin Ruan; +Cc: linux-man

Hello Yubin,

On 10 October 2017 at 15:48, Yubin Ruan <ablacktshirt-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi,
> In ld.so(8), when explaining whether a process is in the so-called
> "secure execution mode", there are three circumstances:
>
>    *  The process's real and effective user IDs differ, or the real and
>       effective group IDs differ.  This typically occurs as a result of
>       executing a set-user-ID or set-group-ID program.
>
>    *  A process with a non-root user ID executed a binary that conferred
>       permitted or effective capabilities.
>
>    *  A nonzero value may have been set by a Linux Security Module.
>
> I am confused with the second circumstance. What does it mean by
> "confer permitted or effective capabilities"?

Maybe this is a language issue. Doe it make more sense as:

" A process with a non-root user ID executed a binary that conferred
capabilities to the process's permitted or effective capability set."

?

Cheers,

Michael

-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: ld.so(8) need clarification
       [not found]     ` <CAKgNAkgAvX_V59JpjT48Lgtiqco4a8p0myZfjBV7z-jOp5K8tg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2017-10-11  1:53       ` Yubin Ruan
       [not found]         ` <CAJYFCiMV-ymfv=XugRZRUrdQQT1PnF-HmLdOBUk2z2P5UL4gGg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
  0 siblings, 1 reply; 4+ messages in thread
From: Yubin Ruan @ 2017-10-11  1:53 UTC (permalink / raw)
  To: Michael Kerrisk (man-pages); +Cc: linux-man

Thanks Michael,

2017-10-11 0:58 GMT+08:00 Michael Kerrisk (man-pages) <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>:
> Hello Yubin,
>
> On 10 October 2017 at 15:48, Yubin Ruan <ablacktshirt-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>> Hi,
>> In ld.so(8), when explaining whether a process is in the so-called
>> "secure execution mode", there are three circumstances:
>>
>>    *  The process's real and effective user IDs differ, or the real and
>>       effective group IDs differ.  This typically occurs as a result of
>>       executing a set-user-ID or set-group-ID program.
>>
>>    *  A process with a non-root user ID executed a binary that conferred
>>       permitted or effective capabilities.
>>
>>    *  A nonzero value may have been set by a Linux Security Module.
>>
>> I am confused with the second circumstance. What does it mean by
>> "confer permitted or effective capabilities"?
>
> Maybe this is a language issue. Doe it make more sense as:
>
> " A process with a non-root user ID executed a binary that conferred
> capabilities to the process's permitted or effective capability set."

Yes this makes more sense. But I am still confused with why this is. I
mean, "a binary that conferred capabilities to the process's permitted
or effective capability set", is a very very normal scenario. What
does it really mean by "the process's permitted or effective
capability set". For me, that is just _any_ capability set, which is
not that rational...

Yubin
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: ld.so(8) need clarification
       [not found]         ` <CAJYFCiMV-ymfv=XugRZRUrdQQT1PnF-HmLdOBUk2z2P5UL4gGg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2017-10-13 10:56           ` Michael Kerrisk (man-pages)
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Kerrisk (man-pages) @ 2017-10-13 10:56 UTC (permalink / raw)
  To: Yubin Ruan; +Cc: linux-man

Hi Yubin,

On 11 October 2017 at 03:53, Yubin Ruan <ablacktshirt-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Thanks Michael,
>
> 2017-10-11 0:58 GMT+08:00 Michael Kerrisk (man-pages) <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>:
>> Hello Yubin,
>>
>> On 10 October 2017 at 15:48, Yubin Ruan <ablacktshirt-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>> Hi,
>>> In ld.so(8), when explaining whether a process is in the so-called
>>> "secure execution mode", there are three circumstances:
>>>
>>>    *  The process's real and effective user IDs differ, or the real and
>>>       effective group IDs differ.  This typically occurs as a result of
>>>       executing a set-user-ID or set-group-ID program.
>>>
>>>    *  A process with a non-root user ID executed a binary that conferred
>>>       permitted or effective capabilities.
>>>
>>>    *  A nonzero value may have been set by a Linux Security Module.
>>>
>>> I am confused with the second circumstance. What does it mean by
>>> "confer permitted or effective capabilities"?
>>
>> Maybe this is a language issue. Doe it make more sense as:
>>
>> " A process with a non-root user ID executed a binary that conferred
>> capabilities to the process's permitted or effective capability set."
>
> Yes this makes more sense. But I am still confused with why this is. I
> mean, "a binary that conferred capabilities to the process's permitted
> or effective capability set", is a very very normal scenario. What
> does it really mean by "the process's permitted or effective
> capability set". For me, that is just _any_ capability set, which is
> not that rational...

Agreed. I simplified the sentence to say just:

       *  A process with a non-root user ID executed a binary that
          conferred capabilities to the process.

Cheers,

Michael

-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-10-13 10:56 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-10 13:48 ld.so(8) need clarification Yubin Ruan
     [not found] ` <CAJYFCiOX0rt6sRioUqQei2dyz_F9+43DbQub3Ru5GLSS_efqAQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-10-10 16:58   ` Michael Kerrisk (man-pages)
     [not found]     ` <CAKgNAkgAvX_V59JpjT48Lgtiqco4a8p0myZfjBV7z-jOp5K8tg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-10-11  1:53       ` Yubin Ruan
     [not found]         ` <CAJYFCiMV-ymfv=XugRZRUrdQQT1PnF-HmLdOBUk2z2P5UL4gGg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-10-13 10:56           ` Michael Kerrisk (man-pages)

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.