Standards Update, IEEE 1003.6: Security Extensions

bbadger at bbadger at
Thu Oct 26 00:41:51 AEST 1989

From: <bbadger at>

In article <412 at longway.TIC.COM> you write:
[with sections liberally elided...]
[I've removed more from the quoted message.  -mod]
>From: Jeffrey S. Haemer <jsh at>
>IEEE 1003.6: Security Extensions Update
>Ana Maria de Alvare <anamaria at> reports on the July
>10-14, 1989 meeting, in San Jose, California:
>      The privilege group has defined interfaces for file privileges.
>      For example, priv_fstate_t() will return whether privilege for
>      the file is required, allowed, or forbidden.  A process's
>      privilege can be permitted, effective, or inheritable.
Could you explain the meanings of the priv_fstate_t() values?
I'm guessing:
	permitted -- process may turn on this privilege
	effective -- process has turned on this privilege
	inheritable -- upon an exec, privilege remains in effect
file (effect when exec occurs):
	required -- ORs with the permitted and effective
	allowed -- ORs with the permitted
	forbidden -- removes inheritable privileges (and (NOT forb))

p->permitted = (p->inheritable | ip->required | ip->allowed) & ~ip->forbidden
p->effective = ((p->effective & p->inheritable) | ip->required) & ~ip->forbidden

Is this the intent?  
    -----	-	-	-	-	-	-	-	----
Bernard A. Badger Jr.	407/984-6385          |``Get a LIFE!''  -- J.H. Conway
Harris GISD, Melbourne, FL  32902             |Buddy, can you paradigm?
Internet: bbadger%x102c at|'s/./&&/g' Tom sed expansively.

Volume-Number: Volume 17, Number 48
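
Added example, not part of the original post and not taken from the IEEE 1003.6 draft: the two exec-time formulas guessed in the message above, applied to one constructed process and file. The privilege bit names, struct names and function names are hypothetical; the scenario exercises a privilege that is both required and forbidden, and one that is effective but not inheritable.

```c
#include <stdio.h>

/* Hypothetical privilege bits, constructed for this example. */
enum { PRIV_AUDIT = 1u << 0, PRIV_MOUNT = 1u << 1, PRIV_CHOWN = 1u << 2, PRIV_NET = 1u << 3 };

struct proc_priv { unsigned permitted, effective, inheritable; };
struct file_priv { unsigned required, allowed, forbidden; };

/* Apply the two exec-time formulas exactly as guessed in the post. */
static void exec_transition(struct proc_priv *p, const struct file_priv *ip)
{
    unsigned old_effective = p->effective;

    p->permitted = (p->inheritable | ip->required | ip->allowed) & ~ip->forbidden;
    p->effective = ((old_effective & p->inheritable) | ip->required) & ~ip->forbidden;
}

/* Sanity check: no effective privilege may fall outside the permitted set. */
static int effective_within_permitted(const struct proc_priv *p)
{
    return (p->effective & ~p->permitted) == 0;
}

/* Constructed scenario; returns the process state after exec. */
static struct proc_priv demo(void)
{
    struct proc_priv p = {
        .permitted   = PRIV_AUDIT | PRIV_MOUNT | PRIV_CHOWN,
        .effective   = PRIV_AUDIT | PRIV_MOUNT,
        .inheritable = PRIV_AUDIT | PRIV_CHOWN   /* MOUNT is not inheritable */
    };
    struct file_priv f = {
        .required  = PRIV_NET | PRIV_CHOWN,
        .allowed   = PRIV_MOUNT,
        .forbidden = PRIV_AUDIT | PRIV_CHOWN     /* CHOWN: required AND forbidden */
    };
    exec_transition(&p, &f);
    return p;
}

int main(void)
{
    struct proc_priv p = demo();
    printf("permitted=0x%x effective=0x%x effective_within_permitted=%d\n",
           p.permitted, p.effective, effective_within_permitted(&p));
    return 0;
}
```

Under the guessed formulas the forbidden mask wins over required (CHOWN is dropped), and MOUNT loses its effective bit because it was not inheritable but comes back as permitted through the file's allowed set.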
